1. Top 10 Entities

Total number of entities: 105
Total number of links: 89

Ranked by Incoming Links

Rank  Type             Value
1     IPv4 Address     23.106.223.161
2     VirusTotal File  t40x5whtx.dll
3     IPv4 Address     37.252.123.239
4     IPv4 Address     193.70.64.169
5     IPv4 Address     85.17.31.82
6     IPv4 Address     (illegible)
7     VirusTotal File  e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
8     IPv4 Address     23.106.122.108
9     IPv4 Address     42.81.85.167
10    IPv4 Address     117.18.232.200

Ranked by Outgoing Links

Rank  Type             Value                                Outgoing links
1     IPv4 Address     117.18.232.200                       12
2     IPv4 Address     1.198.5.220                          12
3     Domain           codevexillium.org                    10
4     VirusTotal File  Chrome_85_RCE_Full_Exploit_Code.mht  8
5     VirusTotal File  t40x5whtx.dll
6     Domain           trophylab.com
7     Domain           fabioluciani.com
8     Domain           dronerc.it
9     Domain           edujikim.com
10    Domain           coldpacific.com

Ranked by Total Links

Rank  Type             Value                                Total links
1     IPv4 Address     117.18.232.200                       16
2     IPv4 Address     1.198.5.220
3     Domain           codevexillium.org                    11
4     VirusTotal File  Chrome_85_RCE_Full_Exploit_Code.mht  9
5     VirusTotal File  t40x5whtx.dll
6     Domain           trophylab.com
7     Domain           fabioluciani.com
8     Domain           dronerc.it
9     Domain           edujikim.com
10    Domain           coldpacific.com


2. Entities by Type 


Domains (29) 


IPv4 Addresses (51) 

VirusTotal Files (25) 




3. Entity Details 


IPv4 Address
maltego.IPv4Address

117.18.232.200

Weight 0
IP Address 117.18.232.200
Internal false
owner
Before
After
Include Media Type
Exclude Media Type
AS Number 15133
Continent OC

Whois


NetRange: 117.0.0.0 - 117.255.255.255
CIDR: 117.0.0.0/8
NetName: APNIC-117
NetHandle: NET-117-0-0-0-1
Parent: ()
NetType: Allocated to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2007-01-17
Updated: 2010-07-30
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
Ref: https://rdap.arin.net/registry/ip/117.0.0.0

ResourceLink: http://wq.apnic.net/whois-search/static/search.html
ResourceLink: whois.apnic.net

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC

ReferralServer: whois://whois.apnic.net
ResourceLink: http://wq.apnic.net/whois-search/static/search.html

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

inetnum: 117.18.232.0 - 117.18.239.255
netname: EDGECAST-APAC
descr: EdgeCast Networks Asia Pacific Network
country: US
org: ORG-ENI1-AP
admin-c: DS1380-AP
tech-c: DS1380-AP
abuse-c: AE354-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-AP-EDGECAST
mnt-routes: MAINT-AP-EDGECAST
mnt-irt: IRT-EDGECAST-AP
last-modified: 2020-10-20T00:57:56Z
source: APNIC

irt: IRT-EDGECAST-AP
address: 13031 W Jefferson Blvd # 900
address: Los Angeles, CA 90094
e-mail: noc@verizondigitalmedia.com
abuse-mailbox: noc@verizondigitalmedia.com
admin-c: DS1380-AP
tech-c: DS1380-AP
auth: # Filtered


remarks: noc@verizondigitalmedia.com was validated on 2021-04-14
mnt-by: MAINT-AP-EDGECAST
last-modified: 2021-04-14T04:24:27Z
source: APNIC

organisation: ORG-ENI1-AP
org-name: EdgeCast Networks, Inc.
country: US
address: 13031 W Jefferson Blvd
address: # 900
phone: +18773343236
fax-no: +1-310-861-0376
e-mail: inet@verizondigitalmedia.com
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2018-04-20T12:57:18Z
source: APNIC

role: ABUSE EDGECASTAP
address: 13031 W Jefferson Blvd # 900
address: Los Angeles, CA 90094
country: ZZ
phone: +000000000
e-mail: noc@verizondigitalmedia.com
admin-c: DS1380-AP
tech-c: DS1380-AP
nic-hdl: AE354-AP
remarks: Generated from irt object IRT-EDGECAST-AP
abuse-mailbox: noc@verizondigitalmedia.com
mnt-by: APNIC-ABUSE
last-modified: 2020-09-23T13:04:11Z
source: APNIC

person: Derrick Sawyer
address: 13031 W Jefferson Blvd #900, Los Angeles, CA 90094
country: US
phone: +1-877-334-3236
e-mail: derrick.sawyer@verizondigitalmedia.com
nic-hdl: DS1380-AP
mnt-by: MAINT-AP-EDGECAST
last-modified: 2017-01-05T07:11:17Z
source: APNIC

Whois Date 1618529393
AS Owner EDGECAST
Country AU
Subnet 117.18.232.0/23
Regional Internet Registry APNIC

IP Address Summary
VirusTotal Reputation 0
AS Number 15133
AS Number Owner EDGECAST
Subnet 117.18.232.0/23
Country Code AU
Continent OC
Regional Internet Registry APNIC
Tags

VirusTotal Analysis Summary
Aggregate Result harmless - 76 / 84


VirusTotal Analysis Stats
Analysis Type       Number of Analysis
Confirmed Timeout   0
Failure             0
Harmless            76
Malicious
Suspicious
Timeout
Type Unsupported
Undetected
Total

Community Votes
Total votes cast: 0

Incoming (1)
VirusTotal File  Chrome_85_RCE_Full_Exploit_Code.mht

Outgoing (12)
VirusTotal File  095c601b8da5634b7633cdb7ed039dfb5cd4eb19e076c119d0a0abb84bec90e7
VirusTotal File  20090457
VirusTotal File  20193940
VirusTotal File  28c116629b22b95ea52a1859a46484b2.virus
VirusTotal File  3035ae462a94106ef40d74b3e219c618.virus
VirusTotal File  518b6774c6cb08cac76fc79294bcad02.virus
VirusTotal File  U1603.EXE
VirusTotal File  cobaltstrike_shellcode.exe
VirusTotal File  cobaltstrike_shellcode.exe
VirusTotal File  e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
VirusTotal File  ea2782c91524a64f05b1b867ffd0bb84.virus
VirusTotal File  0.0.0.0.0.exe


IPv4 Address
maltego.IPv4Address

1.198.5.220


Weight 0
IP Address 1.198.5.220
Internal false
owner
Before
After
Include Media Type
Exclude Media Type
AS Number 137687
Continent AS

Whois


NetRange: 1.0.0.0 - 1.255.255.255
CIDR: 1.0.0.0/8
NetName: APNIC-1
NetHandle: NET-1-0-0-0-1
Parent: ()
NetType: Allocated to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate:
Updated: 2010-07-30
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
Ref: https://rdap.arin.net/registry/ip/1.0.0.0

ResourceLink: http://wq.apnic.net/whois-search/static/search.html
ResourceLink: whois.apnic.net

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC

ReferralServer: whois://whois.apnic.net
ResourceLink: http://wq.apnic.net/whois-search/static/search.html

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

inetnum: 1.192.0.0 - 1.199.255.255
netname: CHINANET-HA
descr: CHINANET henan province network
descr: henan Telecom Corporation
descr: 97# Zhongyuan Street, Zhengzhou,henan,China
country: CN
admin-c: HZ149-AP
tech-c: HZ149-AP
status: ALLOCATED PORTABLE
remarks: Henan Telecom Corporation hostmaster
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-HA
mnt-routes: MAINT-CHINANET-HA
last-modified: 2015-08-26T01:47:16Z
source: APNIC
mnt-irt: IRT-CHINANET-CN

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: anti-spam@ns.chinanet.cn.net
abuse-mailbox: anti-spam@ns.chinanet.cn.net
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
mnt-by: MAINT-CHINANET
last-modified: 2010-11-15T00:31:55Z
source: APNIC

person: Hongbiao Zhang


nic-hdl: HZ149-AP
e-mail: ip@hntele.com
address: 97# Zhongyuan Street, Zhengzhou City, China
phone: +86 371 65310018
fax-no: +86 371 65310015
country: CN
mnt-by: MAINT-CHINANET-HA
last-modified: 2008-09-04T07:29:40Z
source: APNIC

Whois Date 1616714921
AS Owner Luoyang, Henan Province, P.R.China.
Country CN
Subnet 1.198.4.0/23
Regional Internet Registry APNIC

IP Address Summary
VirusTotal Reputation 0
AS Number 137687
AS Number Owner Luoyang, Henan Province, P.R.China.
Subnet 1.198.4.0/23
Country Code CN
Continent AS
Regional Internet Registry APNIC
Tags

VirusTotal Analysis Summary
Aggregate Result harmless - 83 / 83

VirusTotal Analysis Stats
Analysis Type       Number of Analysis
Confirmed Timeout   0
Failure
Harmless
Malicious
Suspicious
Timeout
Type Unsupported
Undetected
Total

Community Votes
Total votes cast: 0

Incoming (1)
VirusTotal File  Chrome_85_RCE_Full_Exploit_Code.mht

Outgoing (12)
VirusTotal File  2f76b025816251a5e348e821425a91c9.virus
VirusTotal File  Installer_recuva.exe
VirusTotal File  QQBrowserWebInstaller.exe
VirusTotal File  RECIEPT_98287392092-943.lzh
VirusTotal File  cobaltstrike_shellcode.exe
VirusTotal File  cobaltstrike_shellcode.exe
VirusTotal File  cobaltstrike_shellcode.exe
VirusTotal File  cobaltstrike_shellcode.exe
VirusTotal File  e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
VirusTotal File  kgfdfjdk.exe
VirusTotal File  kgfdfjdk.exe
VirusTotal File  launcher.exe


Domain 
maltego.Domain 


codevexillium.org 


Weight 0 
Domain Name codevexillium.org 


WHOIS Info Creation Date: 2020-11-20T14:16:30Z 
DNSSEC: unsigned 
Domain Name: CODEVEXILLIUM.ORG 
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: SINKHOLE-00.SHADOWSERVER.ORG
Name Server: SINKHOLE-01.SHADOWSERVER.ORG
Name Server: SINKHOLE-02.SHADOWSERVER.ORG
Name Server: SINKHOLE-03.SHADOWSERVER.ORG
Name Server: SINKHOLE-04.SHADOWSERVER.ORG
Name Server: SINKHOLE-A.SHADOWSERVER.ORG
Name Server: SINKHOLE-B.SHADOWSERVER.ORG
Registrant Country: IS
Registrant Organization: 4b7a0912c26a13e2
Registrant State/Province: 3e0204199d8ebf9c
Registrar Abuse Contact Email: abuse@namecheap.com 
Registrar Abuse Contact Phone: +1.6613102107 
Registrar IANA ID: 1068 
Registrar URL: http://www.namecheap.com 
Registrar WHOIS Server: whois.namecheap.com 
Registrar: NameCheap, Inc. 
Registry Domain ID: D402200000015224531-LROR 
Registry Expiry Date: 2021-11-20T14:16:30Z 
Updated Date: 2021-01-28T14:53:13Z 


VirusTotal Domain Summary
VirusTotal Reputation -1
Tags

VirusTotal Analysis Summary
Aggregate Result harmless - 61 / 84

VirusTotal Analysis Stats
Analysis Type       Number of Analysis
Confirmed Timeout   0
Failure             0
Harmless            61
Malicious           15
Suspicious
Timeout
Type Unsupported
Undetected
Total               84

View on VirusTotal
GUI Url: https://www.virustotal.com/gui/domain/codevexillium.org

Categories
Engines                  Category
Dr.Web                   known infection source
Forcepoint ThreatSeeker  bot networks, compromised websites, advanced malware command and control
sophos                   malware repository, spyware and malware
Webroot                  Malware Sites

Community Votes
Total votes cast: 1
Harmless: 0/1
Malicious: 1/1

Incoming (1)
VirusTotal File  Chrome_85_RCE_Full_Exploit_Code.mht

Outgoing (10)
178.162.203.202
178.162.203.211
178.162.203.226
178.162.217.107
23.106.223.161
(illegible)
(illegible)
(illegible)
85.17.31.82


VirusTotal File
maltego.virustotal.File

Chrome_85_RCE_Full_Exploit_Code.mht

Weight 0
MeaningfulName Chrome_85_RCE_Full_Exploit_Code.mht
File Id edffb5aa9c2b1602699376ea385471055b790dcda18981674e5a30da45ef4d2d
Names Chrome_85_RCE_Full_Exploit_Code.mht
File Type CPP
File Type Description C++
MD5 04958d43324ef59827d9b34b04f1f681
SHA-1 5642f1ad91ded8127e9a8c2cf0e2da8e6d6fd486
SHA-256 edffb5aa9c2b1602699376ea385471055b790dcda18981674e5a30da45ef4d2d
Vhash
Authentihash
SSDEEP 12288:FDO8+v00zsCYv0zz26urP60Ve0GgdTIQxOHE5ED1vB9VGwMOHE5ED1v8:908+v00zsCYv0zz26urPfVeFgdTWk5E9
Magic ASCII C++ program text, with CRLF line terminators
File Size 776230
Tags cpp
Capability Tags
Downloadable
Creation Date null
First Submission Date 2021-03-22T07:15:49Z
Last Submission Date 2021-03-22T07:15:49Z
Last Analysis Date 2021-03-22T09:16:59Z
Total Votes - Harmless 0
Total Votes - Malicious 0
Submissions 1
Reputation 0


UPERAntiSpyware","engine_update":"20210319","engine_version 
TSE). 032","method":"blacklist"},"MicroWorld- 


""5.6.0.1032","method":"blacklist"},"MicroWorld- 
eScan":{"category":"malicious","engine_name":"MicroWorld- 
eScan","engine_update":"20210322","engine_version":"14.0.409.0 
. "method": "blacklist","result":"VB.Heur.EmoooDldr.4.405C4F37.G 
en"}, WARE Xue {"category": "type- 
unsupported","engine_name":"APEX","engine_update":"20210319 
z engine version":"6.144","method":"blacklist"},"Rising":{"category 
:"malicious","engine_ name": "Rising","engine_update":"20210322" 
,"engine_| version”:"25.0.0. 26","method":"blacklist","result":"Macro. 
Run.e (CLASSIC)’}, "Ad- 
Aware":{"category":"malicious","engine_name":"Ad- 
Aware","engine_update":"20210322","engine_version":"3.0.16.117 
¥ "method": "blacklist","result":"VB. Heur.EmoooDidr.4.405C4F37.G 
en"}, "Emsisoft":{"category":"malicious","engine_name":"Emsisoft"," 
engine_update":"20210322","engine_version":"2018.12.0.1641"," 
method":"blacklist","result":"VB.Heur.EmoooDldr.4.405C4F37. Gen 
(B)"},"Comodo":{' category": "malicious","engine_name":"Comodo", 
"engine_update":"20210321","engine_version":"33366","method": " 
blacklist","result": "Malware@#2wuvfhhu9gok7"}, "F- 
Secure":{"category":"undetected","engine_name":"F- 
Secure","engine_update":"20210322","engine_version":"12.0.86.5 
2","method":"blacklist"},"DrWeb":{"category":"malicious","engine_n 
ame":"DrWeb" ,"engine_update":"20210322","engine_ version":"7.0 
.49.9080","method":"blacklist","result":"modification of 


W97M. Suspicious. ila "VIPRE": {"category":"malicious","engine_na 
me":"VIPRE","engine_update":"20210322","engine_' version": "9126 
2","method": "blacklist", "result":"LooksLike.Macro.Malware.k 
(v a "TrendMicro":{"category":"undetected","engine_name":"Trend 
Micro","engine_update":"20210322","engine_version":"11.0.0.100 
6","method":"blacklist"},"McAfee-GW- 
Edition": {"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update":"20210321","engine_version":"v2019.1.2 
+3728", "method": "blacklist","result": "BehavesLike.OLE2.Bad- 
VBA.hr"},"Trapmine":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023", "method": “placklist"},"FireEye": 
{' category": "malicious","engine_| name": "FireEye","engine_update": 
"20210322","engine_version":"32.44.1.0","method":"blacklist","res 
ult": "VB.Heur.EmoooDldr.4.405C4F37. Gen"}, "Sophos":{"category" 
:"malicious","engine_name":"Sophos","engine_update":"20210321 
i ,"engine_version":"1.0.2.0","method":"blacklist","result":"Troj/Doc 
Drp- 
AAG"},"Ikarus":{"category":"malicious",""engine_name":"Ikarus","en 
gine_update":"20210321","engine_| version":"0.1.5. 2","method": "bla 
cklist","result":"VB.Heur. EmoooDidr"}, "GData": {"category": "malicio 
us","engine_name":"GData","engine_update":"20210322","engine 
“version”: "A:25.29035B:27. 20374", "method":"blacklist", "result":"V 
B.Heur.EmoooDidr.4.405C4F37. Gen}, "Jiangmin":{"category":"un 
detected","engine_name":"Jiangmin","engine_update":"20210322" 
,"engine_version":"16.0.100","method":"blacklist"},"Webroot":{"cat 
egory":"type- 
unsupported","engine_name":"Webroot","engine_update":"202103 
22","engine_version":"1.0.0.403","method":"blacklist"},"Avira":{"cat 
egory":"undetected","engine_name":"Avira","engine_update":"202 
10322", "engine | version":"8.3.3. Ve, "method": "placklist"},"eGambit 
"{"category":"type- 
unsupported","engine_name":"eGambit","engine_update":"202103 
22","method":"blacklist"},"Antiy- 
AVL": {"category": mundelocted’, ,"engine_name":"Antiy- 
AVL","engine_update":"20210318","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210322","engine_version":"2017. 
9. 26.565","method":"blacklist"}, "Gridinsoft": {"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210322","engine_ 
version":"1.0.32.123","method":"blacklist","result":"Trojan.U.Agent. 
oa"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","en 
gine_update":"20210322","engine_version":"1.0.0.881 ""method":" 
blacklist","result":"VB. Heur. EmoooDldr.4.405C4F37.Gen"},"AegisL 
ab": {"category": "malicious","engine_name":"AegisLab","engine_up 
date":"20210322","engine_version":"4.2","method":"blacklist","resu 
It":"Trojan. MSOffice. SAgent.4!c"}, "ZoneAlarm": {"category": "undete 
cted","engine_name":"ZoneAlarm","engine_update":"20210322","e 
ngine_version":"1.0","method": "blacklist'}, "Avast- 
Mobile":{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210321","engine_version":"210321- 
Oe "method": "blacklist"},"Microsoft":{"category":"malicious","engin 
eC. name": "Microsoft","engine_update":"20210322","engine_versio 
n":"1.1.17900.7","method":"blacklist","result": "TrojanDownloader:O 


n":"1.1.17900.7","method":"blacklist","result":"TrojanDownloader:O 
97M/Obfuse. YAM!MTB"},"TACHYON":{"category":"malicious","en 
gine_name":"TACHYON","engine_update":"20210322","engine_v 
ersion":"2021-03- 
22.01","method":"blacklist","result":"Suspicious/W97M.Downloader 
.Gen"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916" "engine _ version":"2.0.936", "method": "blacklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"20210322","engine_version":"3.19.5.10130" 
,"method":"blacklist","result":" Downloader/DOC.Generic"},"Acronis 
uF :{"category": "undetected" ,"engine_| name":"Acronis","engine_upda 
te":"20210211","engine_version":"1.1.1.81", "method": "blacklist"}," 
VBA32":{"category":"undetected","engine_name":"VBA32","engine 
_update":"20210319","engine_version":"4.4.1","method": "blacklist" 
},"ALYac":{"category":"malicious","engine_| name": "ALYac","engine 
_update":"20210322", "engine_version":"1 allashl " “method":"blackli 
st","result":"Trojan.Downloader.DOC.Gen"},"MAX":{"category":"ma 
licious" ,"engine_name":"MAX","engine_update":"20210322","engi 
ne_version":"2019.9.16.1","method":"blacklist","result":"malware 
(ai score\u003d100)"}, "Cylance" :{"category":"type- 
unsupported","engine_name":"Cylance","engine_update"."2021 03 
22","engine_version":"2.3.1.101","method":"blacklist"},"Zoner":{"ca 
tegory":"undetected","engine_name":"Zoner","engine_update":"20 
210321" "engine _ version":"0.0.0.0", "method": "blacklist, "Tencent" 
:{"category":"malicious","engine_name":"Tencent","engine_update 
""20210322","engine_' version":"1.0.0. 1","method": “blacklist”, "resul 
tee "Heur. Macro. Generic. a.5ee041 }04"}, "Yandex": {"category": "undet 
ected","engine_name":"Yandex","engine_update":"20210321","en 
gine version":"5.5.2. 24","method""blacklist"},"SentinelOne" :{"cate 
gory":"malicious","engine_name":"SentinelOne","engine_update":" 
20210215" “engine_version":"5.0.0.20","method": "blacklist","result 
""Static Al - Malicious 
OLE"},"MaxSecure":{"category":"undetected","engine_name":"Max 
Secure","engine_update":"20210320" "engine. version":"1.0.0.1"," 
method": "blacklist"}, "Fortinet":{"category":"malicious","engine_nam 
e":"Fortinet","engine_update":"20210322","engine_version":"6.2.1 
42. Ox "method": "blacklist","result":"VBA/Agent.BA97!tr"},"AVG":{"c 
ategory": "malicious", "engine name":"AVG","engine_update":"202 
10322","engine_version":"21.1.5827.0","method":"blacklist","result 
""Other: Malware- -gen [Trj]"}, "Cybereason" -{" category": "type- 
unsupported","engine_name":"Cybereason","engine_update":"201 
80308", "method": "blacklist"}, "Panda "category": "undetected","en 
gine_name":"Panda","engine_update":"20210321" "engine_| versio 
n":"4.6.4.2",""method":"blacklist"},"CrowdStrike" :{"category":"type- 
unsupported”. "engine_name":"CrowdStrike","engine_update":"201 
80202","engine_version":"1.0","method": "blacklist", "Qihoo- 
360":{"category":"malicious","engine_name":"Qihoo- 
360","engine_| update": "20210322", "engine_version":"1.0.0.1120"," 
method":"blacklist","result":"virus. office. qexvmc.1080"}},"last_anal 
ysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":37,"Suspicious":0,"ti 
meout":0,"type- 
unsupported":13,"undetected":25},"last_modification_date":"16163 
96325","last_submission_date":"1599493439","md5":"8ed89d14de 
e005ea59634aade 1 5dba97" ,"meaningful_name":"t40x5whtx.dll"," 
names":["t40xS5whtx.dll", "GDLS  2020090392828334.doc"), "reputa 
ne Wie 
56","sha1":"ea93acf0c278dd59e29ae1 402d35db8e0f3ae966","sha 
256":"9c906c2f3bfb24883a8784a92515e6337e1 76731 481 6d5d97 
38f9ec1 82beaf44","size":"533504","tags":["obfuscated","open- 
file","enum- windows", "exe-pattern","handle-file","doc", "runtime- 
modules", "create- file", "run-file","checks- network- 
adapters","macros","run-dll" "environ","direct-cpu-clock- 
access","write-file", “create- 
ole"],"times_submitted":"1","total_votes":{"harmless":"0","malicious 
"1" "type description": "MS Word 
Document","type_tag":"doc","unique_sources":"1","vhash":"73a90f 
3436737bd95f08e54be0d54fad", "magic":"CDF v2 Document, 
Little Endian, Os: Windows, Version 6.2, Code page: 1252, 
Author: OMEScope, Template: Normal.dotm, Last Saved By: 
John, Revision Number: 3, Name of Creating Application: 
Microsoft Office Word, Create Time/Date: Mon Aug 17 17:15:00 
2020, Last Saved Time/Date: Mon Aug 17 17:16:00 2020, Number 
of Pages: 1, Number of Words: 867, Number of Characters: 4943, 
ecurity: 
0","ssdeep":"6144:VpFD8N8qpxXvztgWWghMaqnuyfgxKmT490Cir 
3k:VpFDNgLvzfhMqvycl4","trid":[{"file_type":"Microsoft Word 


View on VirusTotal 
GUI Url: 


3k:VpFDNgLvzfhMaqvycl4","trid":[{"file_type":"Microsoft Word 
document","probability":52.6},{"file_type":"Microsoft Word 
document (old ver.)","probability":33.3},{"file_type":"Generic OLE2 
/ Multistream 
Compound","probability":14.0}]},"id":"9c906c2f3bfb24883a8784a9 
2515€6337e1 76731481 6d5d9738f9ec1 82beaf44","links":{"self":"ht 
tps://www.virustotal.com/api/v3/files/9c906c2f3bfb24883a8784a92 
515e6337e1 76731481 6d5d9738f9ec182beai44"},"type":"file"} 


https://www. virustotal.com/gui/file/9c906c2f3bfb24883a8784a9251 5e6337e1 76731481 6d5d9738f9ec 


182beat44 


File Summary

Names t40x5whtx.dll, GDLS_2020090392828334.doc
File Type doc
File Type Description MS Word Document
Tags obfuscated, open-file, enum-windows, exe-pattern, handle-file, doc, runtime-modules, create-file, run-file, checks-network-adapters, macros, run-dll, environ, direct-cpu-clock-access, write-file, create-ole
Times Submitted 1

TrID - file type identification tool

File Type Probability %
Microsoft Word document 52.6
Microsoft Word document (old ver.) 33.3
Generic OLE2 / Multistream Compound 14.0

VirusTotal Analysis Summary

Aggregate Result malicious - 37 / 75

VirusTotal Analysis Stats

Analysis Type Number of Analysis
Confirmed Timeout 0
Failure 0
Harmless 0
Malicious 37
Suspicious 0
Timeout 0
Type Unsupported 13
Undetected 25
Total 75

Community Votes
Total votes cast: 1

Harmless: 0/1
Malicious: 1/1

Incoming (2)
Domain dronerc.it
Domain www.fabioluciani.com

Outgoing (7)
Domain dronerc.it
Domain www.dronerc.it
Domain www.fabioluciani.com
IPv4 Address 192.168.0.1
IPv4 Address 192.168.0.165
IPv4 Address 193.70.64.169
IPv4 Address 37.252.123.239

Domain
maltego.Domain

trophylab.com

Weight 0
Domain Name trophylab.com
WHOIS Info

Outgoing (6)
IPv4 Address 118.107.163.120
IPv4 Address 14.0.92.60
IPv4 Address [unreadable in source]
IPv4 Address 52.231.31.103
IPv4 Address 61.110.214.203
IPv4 Address 61.110.215.123


Domain
maltego.Domain

fabioluciani.com

Weight 0
Domain Name fabioluciani.com
WHOIS Info

Outgoing (5)
IPv4 Address 188.165.161.229
IPv4 Address 193.70.64.169
IPv4 Address 62.149.128.151
IPv4 Address 62.149.128.154
IPv4 Address 62.149.128.157


Domain
maltego.Domain

dronerc.it

Weight 0
Domain Name dronerc.it
WHOIS Info Created: 2009-09-28 11:25:11
Created: 2016-06-15 15:14:02
DNSSEC: no
Domain: dronerc.it
Expire Date: 2021-06-15
Last Update: 2018-06-29 09:01:23
Last Update: 2020-07-01 00:44:21
Organization: Seeweb S.r.l.
Organization: Tophost Srl Hosting Italiano
Organization: hidden
Status: ok
ns1.th.seeweb.it
ns2.th.seeweb.it

VirusTotal Domain Summary

VirusTotal Reputation 0
Tags
Popularity Ranking
Alexa 56959

VirusTotal Analysis Summary

Aggregate Result harmless - 77 / 84

VirusTotal Analysis Stats

Analysis Type Number of Analysis
Confirmed Timeout 0
Failure 0
Harmless 77
Malicious 0
Suspicious 0
Timeout 0
Type Unsupported 0
Undetected 7
Total 84

View on VirusTotal
GUI Url: https://www.virustotal.com/gui/domain/dronerc.it

Categories

Engines Category
Dr.Web known infection source
Webroot Malware Sites
Forcepoint ThreatSeeker business and economy, compromised websites
Comodo Valkyrie Verdict media sharing
alphaMountain.ai Malicious

Community Votes
Total votes cast: 0

Incoming (1)
VirusTotal File t40x5whtx.dll

Outgoing (2)
IPv4 Address 37.252.123.239
VirusTotal File t40x5whtx.dll


Domain
maltego.Domain

edujikim.com

Weight 0
Domain Name edujikim.com
WHOIS Info

Outgoing (2)
IPv4 Address 210.219.173.87
IPv4 Address [unreadable in source]


Domain
maltego.Domain

coldpacific.com

Weight 0
Domain Name coldpacific.com
WHOIS Info

Outgoing (2)
IPv4 Address 23.106.122.88
IPv4 Address 23.236.62.147


Domain
maltego.Domain

cutesaucepuppy.com

Weight 0
Domain Name cutesaucepuppy.com
WHOIS Info

Outgoing (2)
IPv4 Address 198.54.117.244
IPv4 Address 23.106.215.15


Domain
maltego.Domain

devguardmap.org

Weight 0
Domain Name devguardmap.org
WHOIS Info

Outgoing (2)
IPv4 Address 162.255.119.131
IPv4 Address 45.147.231.213

Domain
maltego.Domain

redeastbay.com

Weight 0
Domain Name redeastbay.com
WHOIS Info

Outgoing (2)
IPv4 Address 23.106.122.108
IPv4 Address 23.106.223.161

Domain
maltego.Domain

www.fabioluciani.com

Weight 0
Domain Name www.fabioluciani.com
WHOIS Info Creation Date: 2009-10-09T19:08:29Z
DNSSEC: unsigned
Domain Name: FABIOLUCIANI.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: DNS.TECHNORAIL.COM
Name Server: DNS2.TECHNORAIL.COM
Name Server: DNS3.ARUBADNS.NET
Name Server: DNS4.ARUBADNS.CZ
Registrar IANA ID: 69
Registrar URL: http://www.tucows.com
Registrar WHOIS Server: whois.tucows.com
Registrar: Tucows Domains Inc.
Registry Domain ID: 1571785613_DOMAIN_COM-VRSN
Registry Expiry Date: 2021-10-09T19:08:29Z
Updated Date: 2020-10-11T16:06:25Z

VirusTotal Domain Summary
VirusTotal Reputation
Tags

VirusTotal Analysis Summary

Aggregate Result harmless - 72 / 84

VirusTotal Analysis Stats

Analysis Type Number of Analysis
Confirmed Timeout 0
Failure 0
Harmless 72
Malicious
Suspicious
Timeout
Type Unsupported
Undetected
Total

View on VirusTotal
GUI Url: https://www.virustotal.com/gui/domain/www.fabioluciani.com

Categories

Engines Category
Forcepoint ThreatSeeker compromised websites
Comodo Valkyrie Verdict professional networking
Webroot Malware Sites

Community Votes
Total votes cast: 0

Incoming (1)
VirusTotal File t40x5whtx.dll

Outgoing (1)
VirusTotal File t40x5whtx.dll

IPv4 Address
maltego.IPv4Address

23.106.223.161

Weight 0
IP Address 23.106.223.161
Internal false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved 2020-11-20T14:21:12Z
Resolver VirusTotal

Incoming (2)
Domain codevexillium.org
Domain redeastbay.com


IPv4 Address
maltego.IPv4Address

37.252.123.239

Weight 0
IP Address 37.252.123.239
Internal false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved 2019-11-04T21:14:55Z
Resolver VirusTotal
AS Number 196752
Continent EU

Whois Domain Name: TILAA.COM
Registry Domain ID: 29548565_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.rrpproxy.net
Registrar URL: http://www.key-systems.net
Updated Date: 2020-06-20T08:05:13Z
Creation Date: 2000-06-19T23:20:11Z
Registry Expiry Date: 2021-06-19T23:20:11Z
Registrar: Key-Systems GmbH
Registrar IANA ID: 269
Registrar Abuse Contact Email: abuse@key-systems.net
Registrar Abuse Contact Phone: +49.68949396850
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.TILAA.NL
Name Server: NS2.TILAA.NL
Name Server: NS3.TILAA.NL
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2021-03-13T01:03:38Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.

Domain Name: tilaa.com
Registry Domain ID: 29548565_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.rrpproxy.net
Registrar URL: http://www.tilaa.nl
Updated Date: 2020-06-19T01:59:34Z
Creation Date: 2000-06-19T23:20:11Z
Registrar Registration Expiration Date: 2021-06-19T23:20:11Z
Registrar: Key-Systems GmbH
Registrar IANA ID: 269
Registrar Abuse Contact Email: abusereport@key-systems.net
Registrar Abuse Contact Phone: +49.68949396850
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: NL
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: info@domain-contact.org
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: info@domain-contact.org
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: info@domain-contact.org
Registry Billing ID: REDACTED FOR PRIVACY
Billing Name: REDACTED FOR PRIVACY
Billing Organization: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing Street: REDACTED FOR PRIVACY
Billing City: REDACTED FOR PRIVACY
Billing State/Province: REDACTED FOR PRIVACY
Billing Postal Code: REDACTED FOR PRIVACY
Billing Country: REDACTED FOR PRIVACY
Billing Phone: REDACTED FOR PRIVACY
Billing Phone Ext: REDACTED FOR PRIVACY
Billing Fax: REDACTED FOR PRIVACY
Billing Fax Ext: REDACTED FOR PRIVACY
Billing Email: info@domain-contact.org
Name Server: ns1.tilaa.nl
Name Server: ns2.tilaa.nl
Name Server: ns3.tilaa.nl
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: https://wdprs.internic.net/
>>> Last update of WHOIS database: 2021-03-13T01:03:50Z <<<

For more information on Whois status codes, please visit https://www.icann.org/epp

To contact the registered registrant please proceed to: https://www.domain-contact.org

Virtual private servers starting at €6,95 /mo see http://tilaa.nl for more info.

This data is provided by Tilaa for information purposes, and to assist persons obtaining information about or related to domain name registration records. Tilaa does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this data only for lawful purposes and that, under no circumstances, you will use this data to 1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via E-mail (spam) or 2) enable high volume, automated, electronic processes that apply to this WHOIS server. These terms may be changed without prior notice. By submitting this query, you agree to abide by this policy.

Whois Date 1615597432
AS Owner Tilaa B.V.
Country NL
Subnet 37.252.120.0/21
Regional Internet Registry RIPE NCC

IP Address Summary
VirusTotal Reputation 0
AS Number 196752
AS Number Owner Tilaa B.V.
Subnet 37.252.120.0/21
Country Code NL
Continent EU
Regional Internet Registry RIPE NCC
Tags

VirusTotal Analysis Summary

Aggregate Result harmless - 76 / 84

VirusTotal Analysis Stats

Analysis Type Number of Analysis
Confirmed Timeout 0
Failure 0
Harmless 76
Malicious 0
Suspicious 0
Timeout 0
Type Unsupported 0
Undetected 8
Total 84

Community Votes
Total votes cast: 0

Incoming (2)
Domain dronerc.it
VirusTotal File t40x5whtx.dll


IPv4 Address
maltego.IPv4Address

193.70.64.169

Weight 0
IP Address 193.70.64.169
Internal false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved 2019-12-11T00:02:59Z
Resolver VirusTotal
AS Number 16276
Continent EU

Whois NetRange: 193.0.0.0 - 193.255.255.255
CIDR: 193.0.0.0/8
NetName: RIPE-CBLK
NetHandle: NET-193-0-0-0-1
Parent: ()
NetType: Allocated to RIPE NCC
OriginAS:
Organization: RIPE Network Coordination Centre (RIPE)
RegDate: 1992-08-12
Updated: 2009-03-25
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Ref: https://rdap.arin.net/registry/ip/193.0.0.0
ResourceLink: https://apps.db.ripe.net/search/query.html
ResourceLink: whois.ripe.net
OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2013-07-29
Ref: https://rdap.arin.net/registry/entity/RIPE
ReferralServer: whois://whois.ripe.net
ResourceLink: https://apps.db.ripe.net/search/query.html
OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName: Abuse Contact
OrgAbusePhone: +31205354444
OrgAbuseEmail: abuse@ripe.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN
OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
inetnum: 193.70.64.160 - 193.70.64.191
netname: thetiscloud
descr: thetiscloud.it
country: IT
org: ORG-OS43-RIPE
admin-c: OTC5-RIPE
tech-c: OTC5-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
created: 2016-11-18T12:28:08Z
last-modified: 2016-11-18T12:28:08Z
source: RIPE
organisation: ORG-OS43-RIPE
org-name: OVH Srl
org-type: OTHER
address: Via Carlo Imbonati, 18
address: 20159 Milano
address: Italia
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2008-09-16T16:36:14Z
last-modified: 2019-05-24T08:37:53Z
source: RIPE # Filtered
role: OVH IT Technical Contact
address: OVH Srl
address: Via Carlo Imbonati, 18
address: 20159 Milano
address: Italia
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC5-RIPE
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2008-09-16T16:47:07Z
last-modified: 2019-05-24T08:39:22Z
source: RIPE # Filtered
route: 193.70.0.0/17
descr: OVH
origin: AS16276
mnt-by: OVH-MNT
created: 2016-10-07T08:51:27Z
last-modified: 2016-10-07T08:51:27Z
source: RIPE

Whois Date 1617070905
AS Owner OVH SAS
Country FR
Subnet 193.70.0.0/17
Regional Internet Registry RIPE NCC

IP Address Summary
VirusTotal Reputation 0
AS Number 16276
AS Number Owner OVH SAS
Subnet 193.70.0.0/17
Country Code FR
Continent EU
Regional Internet Registry RIPE NCC
Tags

VirusTotal Analysis Summary
Aggregate Result

VirusTotal Analysis Stats
Analysis Type Number of Analysis
Confirmed Timeout 0
Failure
Harmless
Malicious
Suspicious
Timeout
Type Unsupported
Undetected
Total

Community Votes
Total votes cast: 0

Incoming (2)
Domain fabioluciani.com
VirusTotal File t40x5whtx.dll


Weight 

IP Address 

Internal 

owner 

Before 

After 

Include Media Type 
Exclude Media Type 
Date Resolved 
Resolver 

AS Number 
Continent 


0 
85.17.31.82 
false 


2021-01-28T 17:56:39Z 
VirusTotal 

60781 

EU 


Whois 


NetRange: 85.0.0.0 - 85.255.255.255 

CIDR: 85.0.0.0/8 

NetName: 85-RIPE 

NetHandle: NET-85-0-0-0-1 

Parent: () 

NetType: Allocated to RIPE NCC 

OriginAS: 

Organization: RIPE Network Coordination Centre (RIPE) 
RegDate: 2004-04-01 

Updated: 2009-05-18 

Comment: These addresses have been further assigned to users 
in 

Comment: the RIPE NCC region. Contact information can be 
found in 

Comment: the RIPE database at http://www.ripe.net/whois 
Ref: https://rdap.arin.net/registry/ip/85.0.0.0 

ResourceLink: https://apps.db.ripe.net/search/query.html 
ResourceLink: whois.ripe.net 

OrgName: RIPE Network Coordination Centre 

Orgld: RIPE 

Address: P.O. Box 10096 

City: Amsterdam 

StateProv: 

PostalCode: 1001EB 

Country: NL 

RegDate: 

Updated: 2013-07-29 

Ref: https://rdap.arin.net/registry/entity/RIPE 

ReferralServer: whois://whois.ripe.net 

ResourceLink: https://apps.db.ripe.net/search/query.html 
OrgTechHandle: RNO29-ARIN 

OrgTechName: RIPE NCC Operations 

OrgTechPhone: +31 20 535 4444 

OrgTechEmail: hostmaster@ripe.net 

OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN 
OrgAbuseHandle: ABUSE3850-ARIN 

OrgAbuseName: Abuse Contact 

OrgAbusePhone: +31205354444 

OrgAbuseEmail: abuse@ripe.net 

pa puechet https://rdap.arin.net/registry/entity/ABUSE3850- 


inetnum: 85.17.0.0 - 85.17.255.255 

netname: NL-LEASEWEB-20050311 

country: NL 

org: ORG-OB3-RIPE 

admin-c: Iswni-RIPE 

tech-c: Iswn1-RIPE 

status: ALLOCATED PA 

remarks: Please send all abuse notifications to the following email 
address: abuse@nl.leaseweb.com. To ensure proper processing 
of your abuse notification, please visit the website 
www.leaseweb.com/abuse for notification requirements. All police 
and other government agency requests must be sent to 
subpoenas@nl.leaseweb.com. 

mnt-by: RIPE-NCC-HM-MNT 

mnt-by: LEASEWEB-NL-MNT 

mnt-lower: LEASEWEB-NL-MNT 

mnt-domains: LEASEWEB-NL-MNT 

mnt-routes: LEASEWEB-NL-MNT 

created: 2005-03-11T10:27:33Z 

last-modified: 2017-11-161T10:31:11Z 

source: RIPE # Filtered 

organisation: ORG-OB3-RIPE 

org-name: LeaseWeb Netherlands B.V. 

country: NL 

org-type: LIR 

address: Postbus 93054 

address: 1090BB 

address: Amsterdam 

address: NETHERLANDS 

phone: +31203162880 

fax-no: +31203162890 

admin-c: Iswn1-RIPE 

abuse-c: LWAD-RIPE 

mnit-ref: RIPE-NCC-HM-MNT 

mnt-ref: LEASEWEB-NL-MNT 

mnt-by: RIPE-NCC-HM-MNT 

mnt-by: LEASEWEB-NL-MNT 


created: 2004-04-17T11:42:05Z
last-modified: 2020-12-16T12:49:01Z
source: RIPE # Filtered

role: Leaseweb NL NOC
address: Luttenbergweg 8 1101 EC Amsterdam
admin-c: SPW1-RIPE
nic-hdl: LSWN1-RIPE
mnt-by: LEASEWEB-NL-MNT
created: 2017-11-16T10:05:00Z
last-modified: 2017-11-16T10:45:38Z
source: RIPE # Filtered

route: 85.17.0.0/16
descr: LEASEWEB
origin: AS60781
remarks: LeaseWeb
mnt-by: LEASEWEB-NL-MNT
created: 2014-03-11T15:21:15Z
last-modified: 2015-09-29T14:31:50Z
source: RIPE

Whois Date: 1619047407 (2021-04-21T23:23:27Z)
AS Owner: LeaseWeb Netherlands B.V.
Country: NL
Subnet: 85.17.0.0/16
Regional Internet Registry: RIPE NCC

IP Address Summary
VirusTotal Reputation: 0
AS Number: 60781
AS Number Owner: LeaseWeb Netherlands B.V.
Subnet: 85.17.0.0/16
Country Code: NL
Continent: EU
Regional Internet Registry: RIPE NCC
Tags:

VirusTotal Analysis Summary
Aggregate Result:

VirusTotal Analysis Stats

Analysis Type       Number of Analyses
Confirmed Timeout   0
Failure             0
Harmless            73
Malicious           3
Suspicious          0
Timeout             0
Type Unsupported    0
Undetected          8
Total               84

Community Votes
Total votes cast: 0

Incoming (2)
Domain codevexillium.org
VirusTotal File Chrome_85_RCE_Full_Exploit_Code.mht


IPv4 Address
maltego.IPv4Address

(address illegible in the export; rendered as "Sbuli7-silate22")

Weight: 0
IP Address: (illegible in the export)
Internal: false
owner:
Before:
After:
Include Media Type:
Exclude Media Type:
Date Resolved: 2021-01-28T17:56:40Z
Resolver: VirusTotal
AS Number: 60781
Continent: EU



Whois

The ARIN record for 85.0.0.0/8 and the RIPE inetnum, organisation, role and route records for 85.17.0.0/16 returned for this address are identical to those listed for the preceding 85.17.0.0/16 address above (NL-LEASEWEB-20050311, LeaseWeb Netherlands B.V., origin AS60781).

Whois Date: 1618665391 (2021-04-17T13:16:31Z)
AS Owner: LeaseWeb Netherlands B.V.
Country: NL
Subnet: 85.17.0.0/16
Regional Internet Registry: RIPE NCC

IP Address Summary
VirusTotal Reputation: 0
AS Number: 60781
AS Number Owner: LeaseWeb Netherlands B.V.
Subnet: 85.17.0.0/16
Country Code: NL
Continent: EU
Regional Internet Registry: RIPE NCC
Tags:

VirusTotal Analysis Summary
Aggregate Result:

VirusTotal Analysis Stats

Analysis Type       Number of Analyses
Confirmed Timeout   0
Failure             0
Harmless            82
Malicious           (illegible in the export)
Suspicious          (illegible in the export)
Timeout             (illegible in the export)
Type Unsupported    (illegible in the export)
Undetected          (illegible in the export)
Total               (illegible in the export)

Community Votes
Total votes cast: 0

Incoming (2)
Domain codevexillium.org
VirusTotal File Chrome_85_RCE_Full_Exploit_Code.mht



VirusTotal File
maltego.virustotal.File

e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21

Weight: 0
MeaningfulName: e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
File Id: e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
Names:
File Type: PEEXE
File Type Description: Win32 EXE
MD5: abe3cf082f42eec31262daedaff0dd3b
SHA-1: 87cf7c3dac1b33035e0bf9cc0bc775859963c44f
SHA-256: e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
Vhash: 05503e0f7d10192401fz13z1fz
Authentihash: 746d5d67dd798c3426fc3f279d16a5c728a107e3fccc73d5b2134f55a653d6f4
SSDEEP: 1536:txft5AMoaicf/L6mFcLQ0alhrasVFToSe6GxOdcYMLjqXgVRVNASI2IndFOvWN9u:v15Vf/LfsVmUWNEWVOBZ
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File Size: 500915
Tags: peexe, runtime-modules, direct-cpu-clock-access, upx, overlay
Capability Tags: null
Downloadable:
Creation Date: 2008-04-19T11:49:11Z
First Submission Date: 2021-04-14T10:14:16Z
Last Submission Date: 2021-04-14T10:14:16Z
Last Analysis Date: 2021-04-15T22:39:11Z
Total Votes - Harmless: 0
Total Votes - Malicious: 0
Submissions: 1
Reputation: 0


VT File (raw API v3 file object, reformatted from the JSON in the export)

type: file
id / sha256: e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
links.self: https://www.virustotal.com/api/v3/files/e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21
md5: abe3cf082f42eec31262daedaff0dd3b
sha1: 87cf7c3dac1b33035e0bf9cc0bc775859963c44f
size: 500915
type_description: Win32 EXE
type_tag: peexe
tags: peexe, runtime-modules, direct-cpu-clock-access, upx, overlay
magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
creation_date: 1208605751 (2008-04-19T11:49:11Z)
first_submission_date: 1618395256 (2021-04-14T10:14:16Z)
last_submission_date: 1618395256 (2021-04-14T10:14:16Z)
last_analysis_date: 1618518915 (2021-04-15T20:35:15Z)
last_modification_date: 1618526351 (2021-04-15T22:39:11Z)
times_submitted: 1
unique_sources: 1
total_votes: harmless 0, malicious 0
reputation: 0
vhash: 05503e0f7d10192401fz13z1fz
authentihash: 746d5d67dd798c3426fc3f279d16a5c728a107e3fccc73d5b2134f55a653d6f4
ssdeep: 1536:txft5AMoaicf/L6mFcLQ0alhrasVFToSe6GxOdcYMLjqXgVRVNASI2IndFOvWN9u:v15Vf/LfsVmUWNEWVOBZ
packers.PEiD: UPX v0.89.6 - v1.02 / v1.05 - v1.24 -> Markus & Laszlo [overlay]

last_analysis_stats: confirmed-timeout 1, failure 0, harmless 0, malicious 51, suspicious 0, timeout 0, type-unsupported 5, undetected 17 (74 engines)

last_analysis_results (every engine reports method "blacklist"; "-" means no result string):

Engine                 Category           Version (signature update)    Result
Bkav                   undetected         1.3.0.9899 (20210415)         -
Elastic                malicious          4.0.20 (20210414)             malicious (high confidence)
MicroWorld-eScan       malicious          14.0.409.0 (20210415)         Trojan.GenericKD.45798479
FireEye                malicious          32.44.1.0 (20210415)          Generic.mg.abe3cf082f42eec3
CAT-QuickHeal          undetected         14.00 (20210415)              -
McAfee                 malicious          6.0.6.653 (20210415)          GenericRXAA-AA!ABE3CF082F42
Cylance                malicious          2.3.1.101 (20210415)          Unsafe
Zillya                 malicious          2.0.0.4342 (20210415)         Dropper.Agent.Win32.443301
SUPERAntiSpyware       undetected         5.6.0.1032 (20210409)         -
Sangfor                undetected         2.9.0.0 (20210402)            -
K7AntiVirus            malicious          11.176.36944 (20210415)       Trojan (0051918e1)
Alibaba                malicious          0.3.0.5 (20190527)            TrojanDropper:Win32/CryptInject.a838afd3
K7GW                   malicious          11.176.36944 (20210415)       Trojan (0051918e1)
CrowdStrike            malicious          1.0 (20210203)                win/malicious_confidence_90% (W)
Baidu                  undetected         1.0.0.2 (20190318)            -
Cyren                  malicious          6.3.0.2 (20210415)            W32/Agent.CGR.gen!Eldorado
SymantecMobileInsight  type-unsupported   2.0 (20210126)                -
Symantec               malicious          1.14.0.0 (20210415)           ML.Attribute.HighConfidence
ESET-NOD32             malicious          23139 (20210415)              a variant of Win32/Agent.SNX
APEX                   malicious          6.152 (20210413)              Malicious
Avast                  malicious          (illegible) (20210415)        Win32:Trojan-gen
ClamAV                 malicious          0.103.2.0 (20210415)          Win.Dropper.Fileinfector-9832709-0
Kaspersky              malicious          21.0.1.45 (20210415)          HEUR:Trojan-Dropper.Win32.Agent.vho
BitDefender            malicious          7.2 (20210415)                Trojan.GenericKD.45798479
NANO-Antivirus         malicious          1.0.146.25279 (20210415)      Trojan.Win32.Clicker.dapdse
Paloalto               malicious          1.0 (20210415)                generic.ml
ViRobot                undetected         2014.3.20.0 (20210415)        -
Tencent                malicious          1.0.0.1 (20210415)            Malware.Win32.Gencirc.11bb25d9
Ad-Aware               malicious          3.0.16.117 (20210415)         Trojan.GenericKD.45798479
Trustlook              type-unsupported   1.0 (20210415)                -
Emsisoft               malicious          2018.12.0.1641 (20210415)     Trojan.GenericKD.45798479 (B)
Comodo                 undetected         33441 (20210415)              -
F-Secure               malicious          12.0.86.52 (20210331)         Trojan.TR/Dropper.Gen
DrWeb                  malicious          7.0.49.9080 (20210415)        Trojan.Click3.29339
VIPRE                  malicious          91852 (20210415)              Trojan.Win32.Generic!BT
TrendMicro             undetected         11.0.0.1006 (20210330)        -
McAfee-GW-Edition      malicious          v2019.1.2+3728 (20210415)     BehavesLike.Win32.Generic.gm
Trapmine               type-unsupported   3.5.0.1023 (20200727)         -
CMC                    undetected         2.10.2019.1 (20210327)        -
Sophos                 malicious          1.0.2.0 (20210415)            Troj/Agent-BGLN
Ikarus                 malicious          0.1.5.2 (20210415)            Trojan.Win32.Genome
GData                  malicious          A:25.29330B:27.22670 (20210415)  Win32.Trojan.PSE.16FEQPD
Jiangmin               malicious          16.0.100 (20210414)           Trojan/Genome.cae
Webroot                undetected         1.0.0.403 (20210415)          -
Avira                  malicious          8.3.3.12 (20210415)           TR/Dropper.Gen
eGambit                confirmed-timeout  (no version) (20210415)       -
MAX                    malicious          (illegible) (20210415)        malware (ai score=82)
Kingsoft               undetected         2017.9.26.565 (20210415)      -
Gridinsoft             undetected         1.0.37.128 (20210415)         -
Arcabit                undetected         1.0.0.881 (20210415)          -
AegisLab               malicious          4.2 (20210415)                Trojan.Win32.Agent.trHI
ZoneAlarm              malicious          1.0 (20210415)                HEUR:Trojan-Dropper.Win32.Agent.vho
Avast-Mobile           type-unsupported   210415-00 (20210415)          -
Microsoft              malicious          1.1.18000.5 (20210415)        Trojan:Win32/CryptInject.SD!MTB
Cynet                  malicious          4.0.0.27 (20210412)           Malicious (score: 100)
BitDefenderFalx        type-unsupported   2.0.936 (20200916)            -
AhnLab-V3              malicious          3.19.7.10132 (20210415)       Malware/Gen.RL_Reputation.R3652.. (suffix illegible)
Acronis                undetected         1.1.1.(illegible) (20210211)  -
BitDefenderTheta       malicious          7.2.37796.0 (20210414)        AI:Packer.3767B5841E
ALYac                  malicious          1.1.3.1 (20210415)            Trojan.GenericKD.45798479
TACHYON                undetected         2021-04-15.02 (20210415)      -
VBA32                  malicious          5.0.0 (20210415)              Trojan.Genome.vg
Malwarebytes           malicious          4.2.1.18 (20210415)           Trojan.Clicker
Zoner                  undetected         0.0.0.0 (20210414)            -
TrendMicro-HouseCall   malicious          10.0.0.1040 (20210415)        TROJ_GEN.R002C0DDE21
Rising                 malicious          25.0.0.26 (20210415)          Backdoor.PcClient!8.119 (CLOUD)
Yandex                 malicious          5.5.2.24 (20210415)           Trojan.Agent!sDgRjKyvUDs
SentinelOne            malicious          5.0.0.20 (20210215)           Static AI - Suspicious PE
MaxSecure              malicious          1.0.0.1 (20210415)            Trojan.Malware.121218.susgen
Fortinet               malicious          6.2.142.0 (20210415)          W32/Agent.CGR!tr
AVG                    malicious          21.7.5827.0 (20210415)        Win32:Trojan-gen
Cybereason             malicious          1.2.449 (20210330)            malicious.82f42e
Panda                  undetected         4.6.4.2 (20210415)            -
Qihoo-360              malicious          1.0.0.1120 (20210415)         Win32/TrojanDropper.Generic.HglASSsA

Entries marked "(illegible)" did not survive extraction. The Microsoft name is reconstructed from a partly garbled string and the AhnLab-V3 suffix is unreadable; every other detection name is as printed in the export.

pe_info.entry_point: 36336
pe_info.imphash: 895fbb56c02c3d2bca3125cef5da8730
pe_info.machine_type: 332 (0x14c, IMAGE_FILE_MACHINE_I386)
pe_info.timestamp: 1208605751
pe_info.import_list:
  ADVAPI32.DLL: RegCloseKey
  SHELL32.DLL: ShellExecuteA
  KERNEL32.DLL: VirtualProtect, LoadLibraryA, ExitProcess, GetProcAddress
  msvcrt.dll: _iob
  USER32.dll: SendMessageA
pe_info.sections:
  Name  Flags  Raw size  Virtual address  Virtual size  Entropy  Chi2      MD5
  UPX0  rwx    0         4096             28672         0.0      -1.0      d41d8cd98f00b204e9800998ecf8427e
  UPX1  rwx    4096      32768            4096          7.62     4256.5    5da38a157b3a284924135ec920392bc7
  UPX2  rw     512       36864            4096          2.82     54487.0   72cc1ec6211d759c56b56eeb0e11ba31
pe_info.overlay: offset 5120, size 495795, filetype Data, entropy 5.668815612792969, chi2 2954959.0, md5 85f80c26d6d396635778e6264b7d93e9

trid:
  UPX compressed Win32 Executable                     41.1 %
  Microsoft Visual C++ compiled executable (generic)  25.1 %
  Win32 Dynamic Link Library (generic)                10.0 %
  Win16 NE executable (generic)                        7.6 %
  Win32 Executable (generic)                           6.8 %

View on VirusTotal
GUI Url: https://www.virustotal.com/gui/file/e6d9f4fb90f4127f2b6f123692583827072529391ae2eb0bf9f83711525c5e21


File Summary
Names:
File Type: peexe
File Type Description: Win32 EXE
Tags: peexe, runtime-modules, direct-cpu-clock-access, upx, overlay
Times Submitted: 1

TrID - file type identification tool
File Type                                           Probability %
UPX compressed Win32 Executable                     41.1
Microsoft Visual C++ compiled executable (generic)  25.1
Win32 Dynamic Link Library (generic)                10.0
Win16 NE executable (generic)                       7.6
Win32 Executable (generic)                          6.8

VirusTotal Analysis Summary
Aggregate Result: malicious - 51 / 74

VirusTotal Analysis Stats

Analysis Type       Number of Analyses
Confirmed Timeout   1
Failure             0
Harmless            0
Malicious           51
Suspicious          0
Timeout             0
Type Unsupported    5
Undetected          17
Total               74

Community Votes
Total votes cast: 0

Incoming (2)
IPv4 Address 1.198.5.220
IPv4 Address 117.18.232.200
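The "Aggregate Result" line and the stats table above are derived from the per-engine `last_analysis_results` in the raw VirusTotal object, and the `overlay` tag comes from the `pe_info` section table. The following is an added example, not code from the Maltego export nor from VirusTotal or Maltego: it re-derives both from a VT API v3 style file object. `VT_OBJECT` is a constructed subset (six of the 74 engine rows copied from the table above, plus the size, sections and overlay values reported for this sample); the function names are the example's own, and the verdict precedence in `aggregate_result()` is an assumption about how the transform ranks categories, not documented Maltego behaviour.

```python
"""Added example: recompute VirusTotal analysis stats, a Maltego-style aggregate
verdict, and a PE overlay sanity check from a VT API v3 file object.

VT_OBJECT is a constructed subset of the object on this page (six of 74 engines).
"""
from collections import Counter

VT_OBJECT = {
    "attributes": {
        "size": 500915,
        "last_analysis_results": {
            # constructed subset; category/result strings copied from the page
            "Elastic":    {"category": "malicious", "result": "malicious (high confidence)"},
            "Kaspersky":  {"category": "malicious", "result": "HEUR:Trojan-Dropper.Win32.Agent.vho"},
            "ESET-NOD32": {"category": "malicious", "result": "a variant of Win32/Agent.SNX"},
            "Bkav":       {"category": "undetected", "result": None},
            "Trustlook":  {"category": "type-unsupported", "result": None},
            "eGambit":    {"category": "confirmed-timeout", "result": None},
        },
        "pe_info": {
            "entry_point": 36336,
            "sections": [  # raw_size / virtual_address / virtual_size as reported
                {"name": "UPX0", "raw_size": 0,    "virtual_address": 4096,  "virtual_size": 28672},
                {"name": "UPX1", "raw_size": 4096, "virtual_address": 32768, "virtual_size": 4096},
                {"name": "UPX2", "raw_size": 512,  "virtual_address": 36864, "virtual_size": 4096},
            ],
            "overlay": {"offset": 5120, "size": 495795},
        },
    }
}

# The categories VT itself counts in last_analysis_stats.
STAT_KEYS = ("confirmed-timeout", "failure", "harmless", "malicious",
             "suspicious", "timeout", "type-unsupported", "undetected")


def analysis_stats(results):
    """Count engines per category, the same shape as VT's last_analysis_stats.
    Rejects categories outside the known set instead of silently dropping them."""
    counts = Counter(r["category"] for r in results.values())
    unknown = set(counts) - set(STAT_KEYS)
    if unknown:
        raise ValueError(f"unexpected categories: {sorted(unknown)}")
    return {k: counts.get(k, 0) for k in STAT_KEYS}


def malicious_names(results):
    """(engine, detection name) for every engine that flagged the sample, sorted."""
    return sorted((eng, r["result"]) for eng, r in results.items()
                  if r["category"] == "malicious")


def aggregate_result(stats):
    """Maltego-style 'malicious - 51 / 74' line. Assumed precedence: any malicious
    verdict dominates, then suspicious, then harmless; denominator is every engine,
    including type-unsupported and timed-out ones (matches the 51 / 74 on this page)."""
    total = sum(stats.values())
    for verdict in ("malicious", "suspicious", "harmless"):
        if stats[verdict]:
            return f"{verdict} - {stats[verdict]} / {total}"
    return f"undetected - {stats['undetected']} / {total}"


def overlay_check(pe_info, file_size):
    """Reconcile the section table with the declared overlay. Section raw data is
    laid out contiguously after the headers, so overlay.offset minus the summed
    raw sizes is the header size; the overlay must end exactly at end-of-file."""
    raw_total = sum(s["raw_size"] for s in pe_info["sections"])
    ov = pe_info["overlay"]
    return {
        "raw_section_bytes": raw_total,
        "header_bytes": ov["offset"] - raw_total,
        "overlay_ends_at_eof": ov["offset"] + ov["size"] == file_size,
        "overlay_fraction": round(ov["size"] / file_size, 3),
    }


def triage(obj):
    """One dict with everything the entity summary shows, plus the overlay check."""
    attrs = obj["attributes"]
    stats = analysis_stats(attrs["last_analysis_results"])
    return {
        "stats": stats,
        "aggregate": aggregate_result(stats),
        "detections": malicious_names(attrs["last_analysis_results"]),
        "overlay": overlay_check(attrs["pe_info"], attrs["size"]),
    }


if __name__ == "__main__":
    for key, value in triage(VT_OBJECT).items():
        print(f"{key}: {value}")
```

Run against the full 74-engine object from the API, `aggregate_result()` yields the same "malicious - 51 / 74" as the summary above. The overlay check is the more useful triage signal here: the PE proper is 5120 bytes (512 bytes of headers plus 4608 bytes of UPX section data) and the remaining 495795 bytes, about 99% of the file, sit in the overlay, which the Windows loader never maps. A stub that small with an overlay that large has to read its own file from disk to do anything with that data, so the `overlay` tag, not the UPX packer, is what deserves the analyst's attention.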


Domain
maltego.Domain

angeldonationblog.com

Weight: 0
Domain Name: angeldonationblog.com
WHOIS Info:

Outgoing (1)
IPv4 Address 108.177.235.178


Domain
maltego.Domain

investbooking.de

Weight: 0
Domain Name: investbooking.de
WHOIS Info:

Outgoing (1)
IPv4 Address 212.114.52.42


Domain
maltego.Domain

krakenfolio.com

Weight: 0
Domain Name: krakenfolio.com
WHOIS Info:

Outgoing (1)
IPv4 Address 108.62.118.136


Domain
maltego.Domain

opsonewsorg.sg

Weight: 0
Domain Name: opsonewsorg.sg
WHOIS Info:

Outgoing (1)
IPv4 Address 223.106.122.133


Domain
maltego.Domain

transferwiser.io

Weight: 0
Domain Name: transferwiser.io
WHOIS Info:

Outgoing (1)
IPv4 Address 45.147.228.158


Domain
maltego.Domain

Transplugin.io

Weight: 0
Domain Name: Transplugin.io
WHOIS Info:

Outgoing (1)
IPv4 Address 103.253.40.225


Domain
maltego.Domain

colasprint.com

Weight: 0
Domain Name: colasprint.com
WHOIS Info:

Outgoing (1)
IPv4 Address 50.192.28.29


Domain
maltego.Domain

bestwing.org

Weight: 0
Domain Name: bestwing.org
WHOIS Info:

Outgoing (1)
IPv4 Address 54.227.98.220


Domain
maltego.Domain

codebiogblog.com

Weight: 0
Domain Name: codebiogblog.com
WHOIS Info:

Outgoing (1)
IPv4 Address 198.54.126.85


Domain
maltego.Domain

hireproplus.com

Weight: 0
Domain Name: hireproplus.com
WHOIS Info:

Outgoing (1)
IPv4 Address 212.114.52.57


Domain
maltego.Domain

hotelboard.org

Weight: 0
Domain Name: hotelboard.org
WHOIS Info:

Outgoing (1)
IPv4 Address 45.153.240.142


Domain
maltego.Domain

mediterraneanroom.org

Weight: 0
Domain Name: mediterraneanroom.org
WHOIS Info:

Outgoing (1)
IPv4 Address 45.147.230.201


Domain
maltego.Domain

regclassboard.com

Weight: 0
Domain Name: regclassboard.com
WHOIS Info:

Outgoing (1)
IPv4 Address 23.81.246.173


Domain
maltego.Domain

securielite.com

Weight: 0
Domain Name: securielite.com
WHOIS Info:

Outgoing (1)
IPv4 Address 193.29.57.231


Domain
maltego.Domain

spotchannel02.com

Weight: 0
Domain Name: spotchannel02.com
WHOIS Info:

Outgoing (1)
IPv4 Address 23.106.215.130


Domain
maltego.Domain

wileprefgurad.net

Weight: 0
Domain Name: wileprefgurad.net
WHOIS Info:

Outgoing (1)
IPv4 Address 23.106.123.191


IPv4 Address
maltego.IPv4Address

23.106.122.108

Weight: 0
IP Address: 23.106.122.108
Internal: false
owner:
Before:
After:
Include Media Type:
Exclude Media Type:
Date Resolved: 2021-01-23T07:26:39Z
Resolver: VirusTotal

Incoming (1)
Domain redeastbay.com


IPv4 Address
maltego.IPv4Address

42.81.85.167

Weight: 0
IP Address: 42.81.85.167
Internal: false
owner:
Before:
After:
Include Media Type:
Exclude Media Type:
AS Number: 58542
Continent: AS


Whois

NetRange: 42.0.0.0 - 42.255.255.255
CIDR: 42.0.0.0/8
NetName: APNIC-42
NetHandle: NET-42-0-0-0-1
Parent: ()
NetType: Allocated to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2010-10-26
Updated: 2011-04-12
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
Ref: https://rdap.arin.net/registry/ip/42.0.0.0
ResourceLink: http://wq.apnic.net/whois-search/static/search.html
ResourceLink: whois.apnic.net

OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC
ReferralServer: whois://whois.apnic.net
ResourceLink: http://wq.apnic.net/whois-search/static/search.html

OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN

inetnum: 42.80.0.0 - 42.81.255.255
netname: CHINANET-TJ
descr: CHINANET TIANJIN PROVINCE NETWORK
descr: China Telecom
descr: NO.11 LIUJING ROAD, HEDONG DISTRICT, TIANJIN
country: CN
admin-c: CH93-AP
tech-c: AT370-AP
status: ALLOCATED PORTABLE
notify: tjipadmin@163.com
remarks: service provider
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-TJ
mnt-routes: MAINT-CHINANET-TJ
mnt-irt: IRT-CHINANET-CN
last-modified: 2016-05-04T00:29:05Z
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street, beijing
address: 100032
e-mail: anti-spam@ns.chinanet.cn.net
abuse-mailbox: anti-spam@ns.chinanet.cn.net
admin-c: CH93-AP


tech-c: CH93-AP
auth: # Filtered
mnt-by: MAINT-CHINANET
last-modified: 2010-11-15T00:31:55Z
source: APNIC

person: admin tjtele
nic-hdl: AT370-AP
e-mail: tjipback@yahoo.com
address: No.11 LIUJING ROAD ,HEDONG ,TIANJIN,CHINA
phone: +86-22-85580499
fax-no: +86-22-85580970
country: CN
mnt-by: MAINT-CHINANET-TJ
last-modified: 2014-04-01T03:31:13Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2014-02-27T03:37:38Z
source: APNIC

Whois Date: 1616795202 (2021-03-26T21:46:42Z)
AS Owner: Tianjij,300000
Country: CN
Subnet: 42.81.0.0/16
Regional Internet Registry: APNIC

IP Address Summary
VirusTotal Reputation: 0
AS Number: 58542
AS Number Owner: Tianjij,300000
Subnet: 42.81.0.0/16
Country Code: CN
Continent: AS
Regional Internet Registry: APNIC
Tags:

VirusTotal Analysis Summary
Aggregate Result: harmless - 83 / 83

VirusTotal Analysis Stats

Analysis Type       Number of Analyses
Confirmed Timeout   0
Failure             0
Harmless            83
Malicious           0
Suspicious          0
Timeout             0
Type Unsupported    0
Undetected          0
Total               83

Community Votes
Total votes cast: 0

Incoming (1)
VirusTotal File Chrome_85_RCE_Full_Exploit_Code.mht
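The whois records on this page give allocations as "lo - hi" ranges (RIPE `inetnum`, ARIN `NetRange`), while the IP Address Summary reports a CIDR "Subnet" that can be narrower than the registry allocation: 42.81.85.167 sits in APNIC's 42.80.0.0 - 42.81.255.255 block, but the summary says 42.81.0.0/16. The following is an added example, not code from the Maltego export nor from Maltego or VirusTotal: it converts those ranges to prefixes, enriches an address by longest-prefix match, and pivots the passive-DNS resolutions listed on this page by /16. `REGISTRY_ROWS` and `RESOLUTIONS` are copied from this page (the AS owner string "Tianjij,300000" is reproduced as printed, and the 42.81.0.0/16 row stands in for the announced prefix VirusTotal reports); the function names and the /16 grouping size are this example's own choices.

```python
"""Added example: RIR ranges to CIDRs, longest-prefix enrichment, and a /16 pivot
over passive-DNS resolutions. Data rows are copied from the Maltego export above.
"""
import ipaddress

REGISTRY_ROWS = [
    # (range or CIDR as printed, origin AS or None, owner, RIR)
    ("85.0.0.0 - 85.255.255.255", None,  "RIPE NCC (allocated to RIPE NCC)", "RIPE NCC"),
    ("85.17.0.0 - 85.17.255.255", 60781, "LeaseWeb Netherlands B.V.",        "RIPE NCC"),
    ("42.0.0.0 - 42.255.255.255", None,  "APNIC (allocated to APNIC)",       "APNIC"),
    ("42.80.0.0 - 42.81.255.255", None,  "CHINANET-TJ (China Telecom)",      "APNIC"),
    ("42.81.0.0/16",              58542, "Tianjij,300000",                   "APNIC"),
]

RESOLUTIONS = [
    # (domain, resolved IP, date resolved) as listed in the export; None = not shown
    ("hotelboard.org",        "45.153.240.142",  "2021-01-23T08:20:37Z"),
    ("devguardmap.org",       "45.147.231.213",  "2021-01-25T06:54:39Z"),
    ("devguardmap.org",       "162.255.119.131", "2021-01-24T23:11:46Z"),
    ("mediterraneanroom.org", "45.147.230.201",  None),
    ("transferwiser.io",      "45.147.228.158",  None),
    ("redeastbay.com",        "23.106.122.108",  "2021-01-23T07:26:39Z"),
    ("spotchannel02.com",     "23.106.215.130",  None),
    ("wileprefgurad.net",     "23.106.123.191",  None),
]


def to_cidrs(text):
    """'lo - hi' (RIPE inetnum / ARIN NetRange style) -> minimal list of networks.
    Ranges that are not prefix-aligned come back as several prefixes; a plain
    CIDR string passes through unchanged."""
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(text.strip(), strict=False)]


def build_table(rows):
    """Flatten rows to (network, asn, owner, rir), most specific prefix first."""
    table = [(net, asn, owner, rir)
             for rng, asn, owner, rir in rows
             for net in to_cidrs(rng)]
    table.sort(key=lambda t: t[0].prefixlen, reverse=True)
    return table


def enrich(ip, table):
    """Longest-prefix match: the /8 RIR blocks only win when nothing narrower matches,
    which is how an address ends up tagged with its LIR and origin AS rather than
    just the registry it was delegated through."""
    addr = ipaddress.ip_address(ip)
    for net, asn, owner, rir in table:
        if addr in net:
            return {"ip": ip, "subnet": str(net), "asn": asn, "owner": owner, "rir": rir}
    return {"ip": ip, "subnet": None, "asn": None, "owner": None, "rir": None}


def pivot_by_prefix(resolutions, prefixlen=16):
    """Group domains by the /prefixlen containing their resolved IP; a cheap way to
    spot hosting clusters before any ASN data is available."""
    groups = {}
    for domain, ip, _date in resolutions:
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups.setdefault(str(net), set()).add(domain)
    return groups


if __name__ == "__main__":
    table = build_table(REGISTRY_ROWS)
    for ip in ("85.17.31.82", "42.81.85.167", "42.80.1.1"):
        print(enrich(ip, table))
    for net, domains in sorted(pivot_by_prefix(RESOLUTIONS).items()):
        print(net, sorted(domains))
```

With the rows above, 42.80.1.1 resolves to the APNIC allocation 42.80.0.0/15 with no origin AS, while 42.81.85.167 lands on the narrower 42.81.0.0/16 row and picks up AS58542; the pivot puts devguardmap.org, mediterraneanroom.org and transferwiser.io together in 45.147.0.0/16 and redeastbay.com, spotchannel02.com and wileprefgurad.net together in 23.106.0.0/16.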


IPv4 Address
maltego.IPv4Address

45.153.240.142

Weight: 0
IP Address: 45.153.240.142
Internal: false
owner:
Before:
After:
Include Media Type:
Exclude Media Type:
Date Resolved: 2021-01-23T08:20:37Z
Resolver: VirusTotal

Incoming (1)
Domain hotelboard.org


IPv4 Address
maltego.IPv4Address

45.147.231.213

Weight: 0
IP Address: 45.147.231.213
Internal: false
owner:
Before:
After:
Include Media Type:
Exclude Media Type:
Date Resolved: 2021-01-25T06:54:39Z
Resolver: VirusTotal

Incoming (1)
Domain devguardmap.org


IPv4 Address
maltego.IPv4Address

162.255.119.131

Weight: 0
IP Address: 162.255.119.131
Internal: false
owner:
Before:
After:
Include Media Type:
Exclude Media Type:
Date Resolved: 2021-01-24T23:11:46Z
Resolver: VirusTotal

Incoming (1)
Domain devguardmap.org


Domain 
maltego.Domain 


www.download.windowsupdate.com 


Weight 
Domain Name 
WHOIS Info 


0 
www.download.windowsupdate.com 


Admin City: Redmond 

Admin Country: US 

Admin Email: c215fc66323f439as@microsoft.com 
Admin Organization: Microsoft Corporation 

Admin Postal Code: 98052 

Admin State/Province: WA 

Creation Date: 1997-07-22T00:00:00Z 

Creation Date: 1997-07-22T04:00:00Z 

DNSSEC: unsigned 

Domain Name: WINDOWSUPDATE.COM 
Domain Name: windowsupdate.com 

Domain Status: clientTransferProhibited 
http://www.icann.org/epp#clientT ransferProhibited 
Domain Status: clientT ransferProhibited 
https://icann.org/epp#clientT ransferProhibited 
Domain Status: serverDeleteProhibited 
http://www.icann.org/epp#serverDeleteProhibited 
Domain Status: serverDeleteProhibited 
https://icann.org/epp#serverDeleteProhibited 
Domain Status: serverTransferProhibited 
http://www.icann.org/epp#serverTransferProhibited 
Domain Status: serverTransferProhibited 
https://icann.org/epp#serverTransferProhibited 
Domain Status: serverUpdateProhibited 
http://www.icann.org/epp#serverUpdateProhibited 
Domain Status: serverUpdateProhibited 
https://icann.org/epp#serverUpdateProhibited 
Name Server: NS1-205.AZURE-DNS.COM 

Name Server: NS2-205.AZURE-DNS.NET 

Name Server: NS3-205.AZURE-DNS.ORG 

Name Server: NS4-205.AZURE-DNS.INFO 
Name Server: ns1-205.azure-dns.com 

Name Server: ns2-205.azure-dns.net 

Name Server: ns3-205.azure-dns.org 

Name Server: ns4-205.azure-dns.info 

Registrant City: b6b1ba5f05367788 

Registrant Country: US 

Registrant Email: c215fc66323f439as@microsoft.com 
Registrant Fax Ext: 3432650ec337c945 
Registrant Fax: 7d1f8c3fb96a62b3 

Registrant Name: 1f83d7151e7ebf55 

Registrant Organization: 628983377a05fb4c 
Registrant Phone Ext: 3432650ec337c945 
Registrant Phone: 8f198ff1733e2d60 

Registrant Postal Code: 2908382a58eb4969 
Registrant State/Province: 163b5dbd6196f461 
Registrant Street: 86c54a730ec120b0 

Registrar Abuse Contact Email: domainabuse@cscglobal.com 
Registrar Abuse Contact Phone: +1.8887802723 
Registrar Abuse Contact Phone: 8887802723 
Registrar IANA ID: 299 

Registrar Registration Expiration Date: 2022-07-21T04:00:00Z 
Registrar URL: http://cscdbs.com 

Registrar URL: www.cscprotectsbrands.com 
Registrar WHOIS Server: whois.corporatedomains.com 
Registrar: CSC CORPORATE DOMAINS, INC. 
Registrar: CSC Corporate Domains, Inc. 

Registry Domain ID: 1908932_DOMAIN_COM-VRSN 
Registry Expiry Date: 2022-07-21T04:00:00Z 
Sponsoring Registrar IANA ID: 299 

Tech City: Redmond 

Tech Country: US 

Tech Email: d68aef17879f209fs@microsoft.com 
Tech Organization: Microsoft Corporation 

Tech Postal Code: 98052 

Tech State/Province: WA 

Updated Date: 2021-03-12T15:30:36Z 

Updated Date: 2021-03-12T20:30:36Z 


VirusTotal Domain Summary 
VirusTotal Reputation 


Tags 


Popularity Ranking 
Cisco Umbrella 

oa25 

VirusTotal Analysis Summary 
Aggregate Result 
VirusTotal Analysis Stats 
Analysis Type 
Confirmed Timeout 
Failure 

Harmless 

Malicious 

Suspicious 

Timeout 

Type Unsupported 
Undetected 


Total 


View on VirusTotal 


-80 


harmless - 77 / 84 


Number of Analysis 


0 


GUI Url: https://www.virustotal.com/gui/domain/www.download.windowsupdate.com 


Categories 

Engines 

Webroot 

sophos 

Comodo Valkyrie Verdict 
Forcepoint ThreatSeeker 


BitDefender 


Community Votes 
Total votes cast: 5 


Harmless: 0/5 
Malicious: 5/5 


Category 

Computer and Internet Info 

trusted update site, software updates 
media sharing 

information technology 


computersandsoftware 


Incoming (1) 
VirusTotal File 


Domain 
maltego.Domain 


Weight 


Domain Name 
WHOIS Info 


VirusTotal Domain Summary 
VirusTotal Reputation 
Tags 

VirusTotal Analysis Summary 
Aggregate Result 
VirusTotal Analysis Stats 
Analysis Type 

Confirmed Timeout 
Failure 

Harmless 

Malicious 

Suspicious 

Timeout 

Type Unsupported 
Undetected 


Total 


View on VirusTotal 


www.dronerc.it 


Chrome_85_RCE_Full_Exploit_Code.mht 


0 
www.dronerc.it 


Created: 2009-09-28 11:2 
Created: 2016-06-15 15:1 
DNSSEC: no 

Domain: dronerc.it 

Expire Date: 2021-06-15 
Last Update: 2018-06-29 09:01:23 

Last Update: 2020-07-01 00:44:21 
Organization: Seeweb S.r.l. 

Organization: Tophost Srl Hosting Italiano 
Organization: hidden 

Status: ok 

ns1.th.seeweb.it 

ns2.th.seeweb.it 




harmless - 69 / 84 


Number of Analysis 
0 

0 

69 


GUI Url: https://www.virustotal.com/gui/domain/www.dronerc.it 


Categories 

Engines 

Dr.Web 

Forcepoint ThreatSeeker 
Comodo Valkyrie Verdict 
Webroot 

Community Votes 

Total votes cast: 0 


Incoming (1) 
VirusTotal File 


IPv4 Address 
maltego.IPv4Address 


192.168.0.165 


Category 

known infection source 
compromised websites 
media sharing 


Malware Sites 


t40x5whtx.dll 


Weight 

IP Address 

Internal 

owner 

Before 

After 

Include Media Type 
Exclude Media Type 
Whois 


Whois Date 


0 
192.168.0.165 
false 


NetRange: 192.168.0.0 - 192.168.255.255 

CIDR: 192.168.0.0/16 

NetName: PRIVATE-ADDRESS-CBLK-RFC1918-IANA-RESERVED 

NetHandle: NET-192-168-0-0-1 

Parent: NET192 (NET-192-0-0-0-0) 

NetType: IANA Special Use 

OriginAS: 

Organization: Internet Assigned Numbers Authority (IANA) 
RegDate: 1994-03-15 

Updated: 2013-08-30 

Comment: These addresses are in use by many millions of 
independently operated networks, which might be as small as a 
single computer connected to a home gateway, and are 
automatically configured in hundreds of millions of devices. They 
are only intended for use within a private context and traffic that 
needs to cross the Internet will need to use a different, unique 
address. 

Comment: 

Comment: These addresses can be used by anyone without any 
need to coordinate with IANA or an Internet registry. The traffic 
from these addresses does not come from ICANN or IANA. We 
are not the source of activity you may see on logs or in e-mail 
records. Please refer to http://www.iana.org/abuse/answers 
Comment: 

Comment: These addresses were assigned by the IETF, the 
organization that develops Internet protocols, in the Best Current 
Practice document, RFC 1918 which can be found at: 
Comment: http://datatracker.ietf.org/doc/rfc1918 

Ref: https://rdap.arin.net/registry/ip/192.168.0.0 

OrgName: Internet Assigned Numbers Authority 

OrgId: IANA 

Address: 12025 Waterfront Drive 

Address: Suite 300 

City: Los Angeles 

StateProv: CA 

PostalCode: 90292 

Country: US 

RegDate: 

Updated: 2012-08-31 

Ref: https://rdap.arin.net/registry/entity/IANA 

OrgTechHandle: IANA-IP-ARIN 

OrgTechName: ICANN 

OrgTechPhone: +1-310-301-5820 

OrgTechEmail: abuse@iana.org 

OrgTechRef: https://rdap.arin.net/registry/entity/IANA-IP-ARIN 
OrgAbuseHandle: IANA-IP-ARIN 

OrgAbuseName: ICANN 

OrgAbusePhone: +1-310-301-5820 

OrgAbuseEmail: abuse@iana.org 

OrgAbuseRef: https://rdap.arin.net/registry/entity/IANA-IP-ARIN 
0 
false 


NetRange: 192.168.0.0 - 192.168.255.255 

CIDR: 192.168.0.0/16 

NetName: PRIVATE-ADDRESS-CBLK-RFC1918-IANA-RESERVED 

NetHandle: NET-192-168-0-0-1 

Parent: NET192 (NET-192-0-0-0-0) 

NetType: IANA Special Use 

OriginAS: 

Organization: Internet Assigned Numbers Authority (IANA) 
RegDate: 1994-03-15 

Updated: 2013-08-30 

Comment: These addresses are in use by many millions of 
independently operated networks, which might be as small as a 
single computer connected to a home gateway, and are 
automatically configured in hundreds of millions of devices. They 
are only intended for use within a private context and traffic that 
needs to cross the Internet will need to use a different, unique 
address. 

Comment: 

Comment: These addresses can be used by anyone without any 
need to coordinate with IANA or an Internet registry. The traffic 
from these addresses does not come from ICANN or IANA. We 
are not the source of activity you may see on logs or in e-mail 
records. Please refer to http://www.iana.org/abuse/answers 
Comment: 

Comment: These addresses were assigned by the IETF, the 
organization that develops Internet protocols, in the Best Current 
Practice document, RFC 1918 which can be found at: 
Comment: http://datatracker.ietf.org/doc/rfc1918 

Ref: https://rdap.arin.net/registry/ip/192.168.0.0 

OrgName: Internet Assigned Numbers Authority 

OrgId: IANA 

Address: 12025 Waterfront Drive 

Address: Suite 300 

City: Los Angeles 

StateProv: CA 

PostalCode: 90292 

Country: US 

RegDate: 

Updated: 2012-08-31 

Ref: https://rdap.arin.net/registry/entity/IANA 

OrgTechHandle: IANA-IP-ARIN 

OrgTechName: ICANN 

OrgTechPhone: +1-310-301-5820 

OrgTechEmail: abuse@iana.org 

OrgTechRef: https://rdap.arin.net/registry/entity/IANA-IP-ARIN 
OrgAbuseHandle: IANA-IP-ARIN 

OrgAbuseName: ICANN 

OrgAbusePhone: +1-310-301-5820 

OrgAbuseEmail: abuse@iana.org 

OrgAbuseRef: https://rdap.arin.net/registry/entity/IANA-IP-ARIN 
VirusTotal Analysis Summary 


Aggregate Result 


0 
ie9cvlist.ie.microsoft.com 


Creation Date: 1991-05-02T04:00:00Z 
DNSSEC: unsigned 

Domain Name: MICROSOFT.COM 

Domain Status: clientDeleteProhibited 
https://icann.org/epp#clientDeleteProhibited 
Domain Status: clientTransferProhibited 
https://icann.org/epp#clientTransferProhibited 
Domain Status: clientUpdateProhibited 
https://icann.org/epp#clientUpdateProhibited 
Domain Status: serverDeleteProhibited 
https://icann.org/epp#serverDeleteProhibited 
Domain Status: serverTransferProhibited 
https://icann.org/epp#serverTransferProhibited 
Domain Status: serverUpdateProhibited 
https://icann.org/epp#serverUpdateProhibited 
Name Server: NS1-205.AZURE-DNS.COM 
Name Server: NS2-205.AZURE-DNS.NET 
Name Server: NS3-205.AZURE-DNS.ORG 
Name Server: NS4-205.AZURE-DNS.INFO 
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com 

Registrar Abuse Contact Phone: +1.2083895740 
Registrar IANA ID: 292 

Registrar URL: http://www.markmonitor.com 
Registrar WHOIS Server: whois.markmonitor.com 
Registrar: MarkMonitor Inc. 

Registry Domain ID: 2724960_DOMAIN_COM-VRSN 
Registry Expiry Date: 2022-05-03T04:00:00Z 
Updated Date: 2021-03-12T23:25:32Z 
{"attributes":{"creation_date":"1468018953","first_submission_date 
""1516053944","last_analysis_date":"1618600025","last_analysis 
_results": {"Bkav": {"category":"malicious","engine_| name": "Bkav","e 
ngine_update":"20210416","engine_version":"1.3.0.9899", "method 
""blacklist","result":"W32.AlDetect.malware1"},"Elastic": ("category 
""undetected","engine_name":"Elastic","engine_update":"2021041 
4","engine_ version":"4.0. 20","method": "blacklist’}, "DrWeb":{"categ 
ory":"malicious","engine_name":"DrWeb","engine_update":"20210 
416","engine | version":"7.0.49. 9080", "method": "blacklist","result":" 
Trojan.DownLoader23.47675"},"MicroWorld- 
eScan":{"category":"undetected","engine_name":"MicroWorld- 
eScan","engine_update":"20210416","engine_version":"14.0.409.0 
4 "method": "blacklist’y, "FireEye": {"category": "malicious","engine_n 
ame": "FireEye","engine_update":"20210416","engine_version":"32 
44.1. es "blacklist","result":"Generic.mg.185cbb7509b31 
111"},"CAT- 
QuickHeal":{"category":"undetected","engine_name":"CAT- 
QuickHeal","engine_update":"20210416","engine_version":"14.00" 
,"methoad": "blacklist’}, "ALYac":{"category":"undetected","engine_n 
ame": "ALYac","engine_update":"20210416","engine_version":"1.1. 
3.1","methoa": “blacklist’}, "Cylance": "category": "malicious", "engin | 
e name": "Cylance","engine_update":"20210416","engine_version" 
"2.3.1.101","method":"blacklist","result":"Unsafe"},"Zillya":{"catego 
Ne "undetected" ,"engine_name":"Zillya","engine_update":"202104 
16","engine_version":"2.0.0.4344","method":"blacklist"},"SUPERA 
ntiSpyware" ‘{"category":"undetected","engine_name":"SUPERAnti 
Spyware","engine_update": "20210416" ,"engine_version":"5.6.0.10 
eeu "method": "placklist"},"Sangfor":{"category":"undetected" "engin 
e name": "Sangfor","engine_update":"20210416","engine_version" 
"2.9.0.0","method":"blacklist"}, "K7AntiVirus": {"category":"malicious 
","engine_name":"K7AntiVirus","engine_update":"20210416","engi 
ne_version":"11.176.36955", "method": "blacklist","result":"Unwante 
d-Program ( 005025f81 
)"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","e 
ngine_update":"20190527","engine_version":"0.3.0.5", "method":"bl 
acklist"},"K7GW":{"category":"malicious","engine_name":"K7GW"," 
engine_update":"20210416","engine_version":"11.176.36953", "me 
thod":"blacklist","result":"Unwanted-Program ( 005025f81 
Nate "Cybereason" :{"category":"malicious","engine_name":"Cyberea 
son","engine_update":"20210330","engine_version":"1.2.449","met 
hod":"blacklist","result":"malicious. 055baa"}, "BitDefenderTheta’: {5C 
ategory":"undetected","engine_name":"BitDefenderTheta","engine 
_update":"20210414","engine_version":"7.2.37796.0", "method":"bl 
acklist"},"Cyren":{"category": "undetected","engine_name":"Cyren", 
"engine_update":"20210416","engine_version":"6.3.0.2","method": 
"placklist"}, "SymantecMobilelnsight": {"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"20210126","engine_version":"2.0","method":"blacklist"},"S 
ymantec":{"category":"malicious","engine_name":"Symantec","eng 
ine_update":"20210416","engine_version":"1.14.0.0","method":"bla 
cklist","result":"ML.Attribute. HighConfidence"},"ESET- 
NOD32": {"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"20210416","engine_version":"23144"," 
method":"blacklist","result":"a variant of Win32/UltraReach.AG 
potentially 
unsafe"},"APEX"{"category":"malicious","engine_name":"APEX"," 
engine_update":"20210416","engine_ version":"6. 153","method":"bl 
acklist","result":"Malicious"},"Avast":{"category":"malicious","engin 
eC. name": "Avast","engine_update":"20210416","engine | version”:" 
21.1.5827.0", "method": "blacklist","result": "FileRepMetagen 
[Malware]"}, "ClamAV": {"category": "undetected","engine_name":"Cl 
amAV","engine_update":"20210416","engine_version":"0.103.2.0", 
"method":"blacklist"},"Kaspersky” :{"category":"malicious","engine_ 
name":"Kaspersky","engine_update":"20210416","engine_version" 
"21.0.1.45","method":"blacklist","result":"not-a- 
virus: HEUR:RiskTool.Win32.Generic"},"BitDefender":{"category":" 
undetected","engine_name":"BitDefender","engine_update":"2021 
041 6","engine_ version": "7.2","method": "blacklist"},"NANO- 
Antivirus":{"category":"malicious","engine_name":"NANO- 
Antivirus","engine_update":"20210416","engine_version":"1.0.146. 
Psy i7Aeyy "method": "blacklist","result": "Riskware.Win32.UltraReach.e 
xbzel"},"Paloalto":{"category":"malicious","engine_name":"Paloalto 
","engine_update":"20210416","engine_' version":"1. 0","method":"bl 
acklist","result":"generic.ml"},"AegisLab":{"category":"undetectea"," 
engine_name":"AegisLab","engine_update”: "20210416","engine_v 
ersion":"4.2","method":"blacklist"},"Rising":{"category":"malicious"," 
engine_| name": "Rising","engine_update":"20210416","engine_vers 
ion":"25.0.0.26","method":"blacklist","result":"PUA.Presenoker!8.F608 (CLOUD)"},"Ad- 
Aware":{"category":"undetected","engine_name":"Ad- 
Aware","engine_| update": "20210416", “engine_ version":"3.0.16.117 
i "method": "blacklist"},"Trustlook" "category": "type- 
unsupported", "engine_name": "Trustlook","engine_update":"2021 0 
416","engine_version":"1.0","method":"blacklist"},"Emsisoft":{"cate 
gory":"undetected","engine_name":"Emsisoft","engine_update":"2 
0210416","engine_version":"2018.12.0.1641", "method": RAO 
"Comodo":{"category":"undetected","engine_name":"Comodo","e 
gine_update":"20210416","engine_version":"33444","method": ‘bla 
cklist"}, i Secure":{"category": "undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2's "method": "blacklist"},"Baidu":{"category":"undetected","engine_ 
name":"Baidu" ,"engine_update":"20190318","engine_version":"1.0 
.0.2","method":"blacklist"},"VIPRE":{"category":"malicious","engine 
“name": "VIPRE","engine_update":"20210416","engine_version":"9 
1878","method":"blacklist","result":"UltraSurf (fs) (not 
malicious)"}, "TrendMicro" "category": "undetected","engine_name" 
:"TrendMicro"," ‘engine_ update":"20210330","engine_version":"11.0 
0.1006", "method": "blacklist’}, "McAfee- GW- 
Edition": {"category": "malicious","engine_name":"McAfee-GW- 
Edition","engine_update": "2021041 6","engine_version":"v2019.1.2 
+3728", "method": "blacklist","result": "BehavesLike.Win32.PUP. vc"} 
,"Trapmine":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{" 
category":"undetected","engine_name":"CMC","engine_update":"2 
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"malicious","engine_name":"Sophos","engine_u 
pdate":"20210416" "engine_version":"4 .0.2.0","method":"blacklist", 
"result":"Generic ML PUA 
(PUA)"}, "Ikarus" :{"category":"undetected" “"engine_| name":"Ikarus", 
"engine_update":"20210416","engine_version":"0.1.5.2","methoad": 
"placklist"},"GData": "category": "undetected","engine_ name":"GDa 
ta","engine_update":"20210416","engine_version":"A: 25. 29338B: 2 
7.22680", "method":"blacklist"},' 'Jiangmin” :{"category":"malicious",' 
engine_name":"Jiangmin","engine_update": "20210415","engine_v 
ersion":"16.0.100","method":"blacklist","result":"Trojan.Generic.bjw 
ej"},"Webroot":{"category":"undetected","engine_name":"Webroot", 
"engine _ update": "2021041 6","engine_version"."1 -0.0.403","metho 
d":"blacklist"},"Avira":{"category":"malicious","engine_name":"Avira 
""engine_update":"20210416","engine_ version":"8.3.3. 12","metho 
Ss leet ,"result":"TR/Agent.hmtof"},"eGambit": {"category"': "con 
irmed- 
timeout","engine_name":"eGambit","engine_ update": "20210416"," 
method":"blacklist"},"MAX":{"category":"malicious","engine_name": 
"MAX","engine_update":"20210416","engine_version":"2019.9.16. 
i; "method": "blacklist","result": "malware (ai 
score\u003d94)"}, "Kingsoft":{"category":"undetected","engine_na 
me":"Kingsoft","engine_update":"20210416","engine_' 'version"="20 
1 7.9.26.565","method"="blacklist"},"Gridinsoft":{"category”:"undete 
cted","engine_name":"Gridinsoft","engine_update":"20210416","en 
gine_version":"1.0.37.128","method":"blacklist"},"Arcabit":{"categor 
y":"undetected","engine_| name": "Arcabit","engine_update":"20210 
M1 6","engine_version":"1.0.0.881" "method": "placklist"},"ViRobot":{ 
"category": "undetected", "engine_name":"ViRobot","engine_update 
""20210416","engine_version":"2014.3.20.0","method":"blacklist"}, 
"ZoneAlarm" :{"category":"undetected" "engine name":"ZoneAlarm 
""engine_update":"20210416" "engine_| version":"1.0","method":"bl 
acklist"},"Avast-Mobile":{"category":"type- 
unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210416","engine_version":"210416- 
02", "method": "blacklist"}, "Microsoft" :{"category":"malicious","engin 
eC. name": "Microsoft","engine_update":"20210416","engine_versio 
n":"1.1.18000.5","method": “blacklist”, "result":"PUA:Win32/Vigua.A" 
}"Cynet"- category": "malicious","engine_name":"Cynet","engine_ 
update":"20210412","engine_version":"4.0.0.27", "method" "blackli 
st","result":" "Malicious (score: 
99)"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916","engine_version":"2.0.936", "method": "blacklist"},"AhnL 
ab- V3": {"category":"undetected" "engine _ name":"AhnLab- 
V3","engine_update":"20210416","engine_version":"3.19.7.10132" 
"method": "blacklist"},"Acronis":{"category":"undetected","engine_n 
ame":"Acronis" ,“engine_| update": "20210211" "engine _| version": “Ale 
1.1.81","method":"blacklist"},"McAfee":{"category":"malicious","eng 
ine_name":"McAfee","engine_update":"20210416","engine_versio 
n":"6.0.6.653","method":"blacklist”,"result":"Artemis!185CBB7509B 
3"},"TACHYON":{"category":"undetected","engine_name":"TACHY 
ON","engine_update":"20210416","engine_ version": "2021 0 
16. Oa "methoa":"blacklist"}, "VBA32": {"category":"malicious",' ‘engi 
ne_name":"VBA32","engine_update":"20210416","engine_version" 
:"5.0.0","method": "blacklist" *result":"BScope. Trojan.Downloader’t, 
"Malwarebytes":{"category":"malicious","engine_name":"Malwareb 
ytes","engine_update":"20210415","engine_version":"4.2.1.18","m 
ethod":"blacklist","result":"Malware.Al.831733527"},"Zoner":{"cate 
gory": "undetected", "engine_name":"Zoner","engine_update":"2021 
0415","engine_version":"0.0.0.0","method":"blacklist"},"TrendMicro 
HouseCall": t ‘category":"undetected","engine_name":"TrendMicro- 
HouseCall","engine_update":"20210416","engine_version":"10.0.0 
1040", "method": "blacklist"},"Tencent":{"category":"undetected","e 
ngine_name":"Tencent","engine_update":"2021041 et sencinecver 
sion":"1.0.0.1","method":"blacklist"},"Yandex":{"category":"maliciou 
s","engine__ name": "Yandex","engine_update":"20210415","engine 
version":"5.5.2.24","method":"blacklist’, “result"."Trojan. GenAsa! 
OJybGo5FLF8"}, "SentinelOne";{" ‘category":"malicious","engine_ na 
me":"SentinelOne","engine_update":"20210215", "engine version": 
"5.0.0.20","method":"blacklist’,"result":"Static Al - Suspicious 
REL: "MaxSecure": {"category":"undetected","engine_name":"MaxS 
ecure","engine_update":"20210416" "engine_version":"1 FOO Rlbeatm 
ethod":"blacklist"},"Fortinet":{"category":"malicious","engine_name 
""Fortinet","engine_update":"20210416","engine_version":"6.2.14 
2.0","method":"blacklist","result":"Riskware/Generic"},"AVG":{"cate 
gory":"malicious","engine_name":"AVG","engine_update":"202104 
16","engine_version":"21.1.5827.0","method":"blacklist","result":"Fi 
leRepMetagen 
[Malware]'},"Panda":{"category":"undetected","engine_name":"Pa 
nda","engine_update":"20210416","engine_version":"4.6.4.2","met 
hod":"blacklist"},"CrowdStrike":{"category":"malicious","engine_na 
me":"CrowdStrike","engine_update":"20210203","engine_version": 
"4.0","method":"blacklist","result":"win/malicious_confidence_60% 
(D)"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo- 
360","engine_update":"20210416","engine_version":"1.0.0.1120"," 
method":"blacklist","result":"Win32/Trojan.Generic. HgIASRAA"}},"! 
ast_analysis_stats":{"confirmed- 
timeout": ,"failure":0,"harmless":0,"malicious":32,"suspicious":0,"ti 
meout":0,"type- 
unsupported": 5,"undetected":36},"last_modification_date":"161901 
0974","last_submission_date":"1516053944","md5":"185cbb7509b 
31111697e6d173bacd6at", "meaningful_. name":"U1603. EXE","nam 
es":["U1603.EXE"], “reputation”: "0" "sha1":"81 4244f055baat4335b9 
37bec1772401b633f051d", "sha256":"8e896c58a8d54b5773782a8d 
d93529c842ed27{6a9dbbe32afdd0ea98b58dbd1 ""size":"2631992 
""tags"["peexe","invalid-rich-pe- 
checksum","upx","overlay"],"times_submitted":"1","total_votes":{"h 
armless":"0","malicious":"0"},"type_description":"Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"02603e0f 
7f501013z11261213z17z13z11z101017z","authentihash":"5b5c8e 
8d39d160a847a62d0c9162fe80658aa0b53b2eea6e207092e68b0 
0d94a","magic":"MS-DOS executable, MZ for MS- 
DOS","packers":{"PEiD":"UPX v0.89.6 - v1.02 / v1.05 -v1.24 - 
\u003e Markus \u0026 Laszlo [overlay]","F- 
PROT":"UPX"},"pe_info":{"entry_point":"3894048","imphash":"fc88 
6b896f4eab5fd8b7 1 16cded50612","import_list": [{" ‘imported_functi 
ons":["SendARP"],"library_name":"iphlpapi.dll"},{"imported_functio 
ns":["PlaySoundA"),"library_name":"WINMM.dll"},{"imported_functi 
ons":["InternetOpenA"],"library_name":"WININET.dll"},{"imported_f 
unctions"["BitBIt"],"library_name":"GDI32.dll"},{"imported_function 
s"["ShellExecuteA"],"library_name":"SHELL32.dll"},{"imported_fun 
ctions":["VirtualFree","ExitProcess","VirtualProtect","LoadLibraryA" 
,"VirtualAlloc","GetProcAddress"],"library_name":"KERNEL32.DLL 
"\,{"imported_functions":["OpenPrinterA"],"library_name":"WINSP 
OOL.DRV"},{"imported_functions":["Netbios"],"library_name":"NET 
API32.dll"},{"imported_functions":["RegCloseKey"],"library_name": 
"ADVAPI32.dll"},{"imported_functions":["getsockopt"],"library_nam 
e":"WSOCK32.dll"},{"imported_functions":["Colnitialize"],"library_n 
ame":"ole32.dll"},{"imported_functions":["inet_addr"],"library_name 
""WS2_32.dll"},{"imported_functions":["GetDC"],"library_name":"U 
SER32.dll"},{"imported_functions":["Ord(17)"],"library_name":"CO 
MCTL32.dll"}],"machine_type":"332","overlay":{"chi2":8178.893554 
6875,"entropy":7.422241687774658,"filetype":"Data","md5":"f2f9fb 
3040a1 5f1 efe458789b202f59e", "offset": "2626048", "size": "5944"}." 
resource_details":[{"chi2":1145172.25,"entropy":7.7946686744689 
94,"filetype":"Data","lang":"ENGLISH 

US","sha256":"e336d02fa05a5bdf025315d663c9e87 1 c5f79668a47 
c7163e5c98475d31 320b0","type":"BIN"},{"chi2":622.90905761718 
75,"entropy":6.9311 18488311 768,"filetype":"Data","lang":"ENGLIS 
H 


US","sha256":"cc05d930ad8b7b927a1 3063d49fa386c7cce9060e 
2f772d616984c78c4538fd4" ,"type":"RT_CURSOR'"},{"chi2":295.02 
239990234375,"entropy":6.784854888916016,"filetype":"Data","la 
ne "ENGLISH 
US","sha256":"d26534e00f58dd5e9b901 af6 152ba1bda4d7b5813 
4a9dadbd56323690a390276", "type":"RT_CURSOR'},{"chi2":1319 
Seen a) ‘entropy":7. 6415019035339355 ,"filetype":"Data","lan 
Ge "EN 
US","sha256":"8a1 2c246ca4237c1 6f86d8a78d8f5b4540dd088d3f 
88eb5c24a86tb5 7bc0ffb4", "type":"RT_BITMAP"},{"chi2":428. 1742 
pee ‘entropy":6. 715577602386475 filetype":"Data","lang 
" "EN (LI 
US","sha256":"3fbaf6 1 90d5fboc5706b2a878feed40cacf8849ccb5fe 
3bc8863e91969cfee8d9", "type":"RT_BITMAP"}, {"chi2": 530.59368 
Sarasa ‘entropy":7. 166426181793213 ,filetype":"Data","lang":" 
ENGLI 
US","sha256":"3447788ec2a909b6e1 4dcdfbe9b3dbf9287c706ccb 
88961041 9dc4fb5tda9987", "type":"RT_BITMAP"}, {"chi2":540.3952 
ea ‘entropy":7. 094301700592041 ,filetype":"Data","lang":" 
ENGLI 
US","sha256":"2a8cc5173a68605a96f56d6f7d5c5153a576355af1 
94463c870ba636bb407a5b", "type":"RT. _BITMAP"}, {"chi2":195185. 
40625,"entropy":4. 6607322692871 09,"filetype":"Data","lang":"NEU 
TRAL","sha256":"2cf0e773a60e1 93d450860eab23fd3cd71e05299 
0e8331 1bf6301 fafb812e8e1" ,"type":"RT_ICON"},{"chi2":681.2975 
463867 188,"entropy":7.0058870315551 76,"filetype":"Data","lang": 
"NEUTRAL", "sha256":"5489f8dca99acacid5a7 | 4ad0ebSb25atdat 
474ed67084a5c42321510d7041d0","type":"RT_ICON"},{"chi2":70 
7.2434082031 25,"entropy":6.98 141622543335, "filetype":"Data","la 
ng":"NEUTRAL", "sha256":"388e7e5b1 4321 6ae1ee2e2838163d67 
0715649b234339789bbc6a858dd0ef89c" ,"type":"RT_ICON"},{"chi2 
"3467.985595703125,"entropy":7.6580867 76733398, "filetype" :"D 
ata","lang": "NEUTRAL", "sha256":"37dac32b912d7897c97aa2284 
5948a6ea1 13d72c08d47735c1 7e4d2cbf43638c","type":"RT_ICON 
ate {"chi2": 1239.3116455078125,"entropy":7. 471278667449951, "fil 
etype":"Data","lang":"NEUTRAL","sha256":"5ed2a7091 4e0c70acb 
07fe9a8e4e6c44e852070f13f9d77e1 bce22e94ec0a3422","type":"R 
T_ICON"},{"chi2":3851.5234375,"entropy":7.641 70503616333, "file 
t pe":"Data","|ang":"NEUTRAL","sha256":"b00120c1612137f2515 
35d095ab1ca5d8181bee22dce4f01f036202a078891a6","type":"R 
T_ICON"},{"chi2":2956.21630859375,"entropy":7.6558041572570 
8,"filetype":"Data","lang":"NEUTRAL","sha256":"41aa5a0b1 1cfe18 
b359b93727d738ed5f0b9e7234ee27921 12f1 11 cfc3fc39","type": 
"RT_ICON"},{"chi2":1916.7661 1328125,"entropy":7.58358097076 
41 6,"filetype":"Data","|ang":"NEUTRAL","sha256":"943b1 b38790f4 
e72ed0c54e603c1 3bb898f4fcb38efb7871300106c763ffE8fb","type" 
:"RT_ICON"},{"chi2":3344.7607421 875,"entropy":7.690448760986 
328,"filetype":"audio/mpeg","lang":"NEUTRAL","sha256":"0f7335a 
5fb1ed09089b43b31 0be228422bd4f7df0432b01 902bd202c1 dfe39 
27","type":"RT_ICON"},{"chi2":6134.619140625,"entropy":7.70819 
52095031 74,"filetype":"Data","lang":"NEUTRAL","sha256":"9ddb0 
44a53be88e2c03b32087107fdbf49de6045613352344a0b7880dc0 
16dfd","type":"RT_ICON"},{"chi2":14074.310546875,"entropy":7.7 
367377281 188965, "filetype":"mc68k executable (shared demand 
paged)","lang": "NEUTRAL", "sha256":"1b871596b4c34d1 1¢74425 
64accd7eb3b 1 b0c83c08efea2b257876b98F1 7f3ae" ,"type":"RT_IC 
au {"chi2":6240.4052734375,"entropy":7.703453063964844, “file 
e":"Data","lang":"NEUTRAL","sha256":"1 8790cbbb23dd7ab5t4 
peso02sbt8! d43e80eee'2b30321276df92a798f33ed1" s"type":"RT 
_ICON"},{"chi2":1795.1207275390625,"entropy":7.566896915435 
791 ,filetype":"Data","lang":"NEUTRAL","sha256":"454981 cf383c50 
d3f6a786d5f0b5bc3ee8aada3521eb968958 1 4437ca5779d3d9","t 
pe":"RT_ICON"}, {"chi2":3608.9443359375,"entropy":7.67802333 
8317871 ,"filetype":"Data","lang":"NEUTRAL","sha256":"c3d5215b 
0786af8941 e49660f07d 1 bf6b9bcb5c07c3f5d550b63d046f7a9852 
2","type":"RT_ICON"},{"chi2":68 13.763671875,"entropy":7.700781 
82220459, "filetype":"Data","lang":"NEUTRAL", "sha256":"253caa3 
4d0a0c7bdc2a29435d7851 edf91 cbd56540fca5bc55 14589c036d3 
660","type":"RT_ICON"},{"chi2":15259.9306640625,"entropy":7.71 
9501972198486, "filetype":"Data","lang": "NEUTRAL", "sha256":"4e 
a56ca5d2ace1f7a3ea 1 ddd2b3bc35891 27b1855e3d3a6ea55590d 
4a7ebdee4","type":"RT_ICON"},{"chi2":6213.2685546875,"entropy 
":7.7126951 21765137, '"filetype":"Data","lang":"NEUTRAL","sha25 
6":"a0880aal 6dc45376f1 a1 87d1453954274da1 415669dacde7546 
Se aes "type":"RT. _|CON"}, {"chi2":4650.962890625,"entr 
opy":7. 705899238586426," 'filetype":"Data","lang": "NEUTRAL", "sh 
a256":"71987a54321 de72c448b1 12a8426daa25c4a1a1bi2e08260 
d835ac32410bbb1e","type":"RT_ICON"},{"chi2":3392.2021484375 
,"entropy":7.676105499267578, "filetype":"Data","lang":"NEUTRAL 
""sha256": "§87c63e5{bd6233fdf5cc7835369f3860b10009a0f5a71 
4ece7bb005c4f1 2a76" ,"type":"RT_ICON"},{"chi2":3377.64599609 
375,"entropy":7.664721488952637,"filetype":"Data","lang":"NEUT 
RAL", "sha256":"bceb0ea6a9cc2 1 382efeabfb6df4bc537ad7 1438bf 
€9840d1fc23fcfaf7d1b43" s"type":"RT_ICON"},{"chi2":1168.429931 
640625,"entropy":7.440004348754883, "filetype":"Data","lang":"NE 
UTRAL","sha256": "20a933a652ad86ca698I8 1 a9bd1f43d81 dfbcee 
7d46e0791 76fcc7a77daad269","type":"RT_ICON"},{"chi2":1390.0 
213623046875,"entropy":7.441 044330596924, "filetype":"Data","la 
ng":"NEUTRAL","sha256":"eb9e4ec8aeb9ab0cc668d8086d3eb0e 
892d934a80ce01 3699f9b28ea8cd91653", "type":"RT_ICON"},{"chi 
137808"},{"chi2":730928.75,"entropy":3.94 "flags": "rw", "md5":"7b3 
35a4c050ac3f0c981d08e158d44de", "name":".data","raw_size":"87 
04","virtual_address":"507904","virtual_size":"1 8560"),{"chi2":3640 
92.38,"entropy":5.49,"flags":"r","md5":"7bbdeccccOcf96f0d750210 
77ab6b11 0","name":".rsrc", "raw size":"16384","virtual_address":"5 
28384", "virtual |_ size": "16064"}, {"chi2":517750. 28," ‘entropy":5.83,"fl 
ags":"r","md5":"37fa0adc7813e1 f2f485deec07d8b5eb", "name":".re 
loc", "raw! size":"27136","virtual_address":"544768", "virtual | size":" 
26894"}],"timestamp":"1542344584"},"signature_info":{"signers":" 
WeQ Influencers GmbH; Sectigo RSA Code Signing CA; 
USERTrust RSA Certification Authority; Sectigo (AAA)","signers 
details":[{"algorithm":"sha256RSA","cert issuer":"Sectigo RSA 
Code Signing CA","name":"WedQ Influencers GmbH","serial 
number":"7B 3F 3A 3A BA DO E5 4A 4C F5 72 08 31 D3 7A 
4F","status":"Valid","thumbprint":"CC4AD630AA5C31B407D96FF 
50DC8445F76BEF5EC", "valid from":"12:00 AM 03/17/2021","valid 
to":"11:59 PM 03/17/2022","valid usage":"Code 
Signing"},{"algorithm": "sha384RSA","cert issuer":"USERTrust RSA 
Certification Authority","name": "Sectigo RSA Code Signing 
CA","serial number":"1D A2 48 30 6F 9B 26 18 DO 82 E0 96 7D 
33 D3 
6A","status":"Valid","thumbprint":"94C95DA1E850BD85209A4A2A 
F3E1FB1604F9BB66","valid from":"12:00 AM 11/02/2018","valid 
to":"11:59 PM 12/31/2030","valid usage":"Code Signing, 
Timestamp Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA 
Certificate Services","name":"USERTrust RSA Certification 
REET serial number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 
95","status":"Valid","thumbprint":"D89E3BD43D5D909B47A1 8977 
AA9D5CE36CEE184C", "valid from":"12:00 AM 03/12/2019","valid 
to":"11:59 PM 12/31/2028","valid 
usage":"All"},{"algorithm":"sha1RSA","cert issuer":"AAA Certificate 
Services","name": "Sectigo (AAA)", "serial 
number": code "status":"Valid","thumbprint":"D1 Seay ae aac 
D92564C2F1F1601 764D8E349", "valid from":"12:00 A 
01/01/2004","valid to":"11:59 PM 12/31/2028","valid ieapeCIent 
Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC 
User, Server Auth, Timestamp Signing"}],"signing date":"10:17 AM 
04/14/2021","verified":"Signed","x509":[{"algorithm":"sha1 RSA","c 
ert issuer":"AAA Certificate Services","name":"AAA Certificate 
Services","serial 
number":"01" ,"thumbprint":"D1EB23A46D17D68FD92564C2F1F1 
601764D8E349","valid from":"2004-01-01 00:00:00","valid 
to":"2028-12-31 23:59: 59"},{"algorithm": "sha256RSA", "cert 
issuer":"Sectigo RSA Code Signing CA","name":"WeQ Influencers 
GmbH","serial number":"7B 3F 3A 3A BA DO E5 4A 4C F5 72 08 
31 D3 7A 
4F","thumbprint":"CC4AD630AA5C31B407D96FF50DC8445F76B 
EF5EC","valid from":"2021-03-17 00:00:00","valid to":"2022-03-17 
23:59:59","valid_usage":"Code 
Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA Certificate 
Services","name":"USERTrust RSA Certification Authority","serial 
number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 
95","thumbprint":"D89E3BD43D5D909B47A18977AA9D5CE36CE 
E184C","valid from":"2019-03-12 00:00:00","valid to":"2028-12-31 
23:59:59"} {"algorithm":"sha384RSA","cert issuer":"USERTrust 
RSA Certification Authority","name":"Sectigo RSA Code Signing 
CA","serial number":"1D A2 48 30 6F 9B 26 18 DO 82 E0 96 7D 
33 D3 


6A","thumbprint":"94C95DA1 E850BD85209A4A2AF3E1FB1604F 
9BB66","valid from":"2018-11-02 00:00:00","valid to":"2030-12-31 
23:59:59","valid_usage":"Code Signing, Timestamp 
Signing"}]},"ssdeep":"12288:l4fmuV/2SII11 MCAHab51I0OWozQsmkn 
Y87Z1 EPcIMkc9A7Z2:l42DMCA6b5fWQmknY87LEPcl9n","trid" -[{ 
"file_type":"Win32 Executable MS Visual C++ 
(generic)","probability":48.8},{"file_type":"Win64 Executable 
(generic)","probability":16.4},{"file_type":"Win32 Dynamic Link 
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(generic)","probability":16.4},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":10.2},{"file_type":"Win16 NE 
executable (generic)","probability":7.8},{"file_type":"Win32 
Executable 
(generic)","probability":7.0}]},"id":"0e8ada682fc995c7667ef30fd6f0 
Ofccb3ciceded91 9ff535bd4d954ff3140b8","links":{"self":"https://ww 
w.virustotal.com/api/v3/files/Oe8ada682fc995c7667ef30fd6f00fccb 
8cfceded91 9ff535bd4d954ff3 1 40b8"},"type":"file"} 
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{"attributes":{"creation_date":"1542344584" "first_submission_date 
"-"1618878038","last_analysis_date":"1618878038","last_analysis 
_results": {"Bkav": {"category":"undetected","engine_| name”: "Bkav"," 
engine_update":"20210419","engine_version":"1.3.0.9899", "metho 
d":"blacklist"},"Elastic":{"category":"malicious","engine_ name":"Ela 
stic","engine_update":"20210414","engine_version":"4.0.20","meth 
od":"blacklist”,"result":"malicious (high 
confidence)"}, “DrWeb": {"category":"malicious","engine_name":"Dr 
Web","engine_update":"20210419","engine_version":"7.0.49.9080 
""method":"blacklist","result":"Adware.ClickMeIn.9588"},"MicroWo 
rid-eScan" "category": "malicious","engine_name":"MicroWorld- 
eScan","engine_update":"20210419","engine_version":"14.0.409.0 
""method":"blacklist","result":"Gen:Variant.Application.Bundler.Do 
wnloadGuide. 48"},"FireEye":{"category":"malicious","engine_name 
ae Ghee ‘engine_update":"20210419","engine_ version":"32.44, 
HO "method": "blacklist","result": "Generic. mg. 518b6774c6cb08ca" 
ICAT- -QuickHeal": {"category": "malicious","engine_name":"CAT- 
QuickHeal","engine_update":"20210419","engine_version":"14.00" 
,"method":"blacklist","result":"Trojan.Mauvaise.SL1"},"ALYac":{"cat 
egory": "malicious","engine_name":"ALYac","engine_update":"202 
10419","engine_version":"1.1.3.1","method":"blacklist","result":"Ge 
n:Variant.Application.Bundler. DownloadGuide. 48"}, "Cylance" {"cat 
egory":"undetected","engine_name":"Cylance","engine_update":"2 
0210420","engine_version":"2.3.1.101","method":"blacklist"},"VIPR 
E":{"category":"malicious","engine_| name":"VIPRE" ,"engine_updat 
e":"20210419","engine_version":"91954","method":"blacklist","resu 
it" "Trojan.Win32.Generic!BT"}, "SUPERAntiSpyware": {"category": ‘ 
malicious","engine_name":"SUPERAntiSpyware","engine_update" 
"2021041 6", "engine_version":"5.6.0.1032","method":"blacklist","re 
sult":"Adware.Downloader/Variant"},"Sangfor":{"category":"malicio 
us","engine_name":"Sangfor","engine_update":"20210416","engin 
e_version":"2.9.0.0","method":"blacklist","result":"Win. Malware.Do 
wnloadguide- -6803841 - 
0"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVi 
rus","engine_update":"20210419" "engine_version":"1 1.176.36967 
""method":"blacklist","result":"Riskware ( 0040eff71 
ay "Alibaba": "category": "undetected","engine_name":"Alibaba","e 
ngine_update":"20190527","engine_version":"0.3.0.5","method":"bl 
acklist"},"K7GW"{"category":"malicious","engine_ name": "K7GW"," 
engine_update":"20210419","engine_version":"11.176.36968","me 
thod":"blacklist","result":"Riskware ( 0040eff71 
Vey "CrowdStrike”: {"category":"malicious","engine_name":"CrowdSt 
rike","engine_update":"20210203", "engine_version":"1 .0","method 
ms "blacklist", "result":"win/malicious_confidence_100% 
(D)"}, "BitDefenderTheta": {"category":"undetected","engine_name": 
"BitDefenderTheta","engine_update":"20210414","engine_version" 
“7. 2.37796.0", "method": "blacklist"},"Cyren":{"category":"malicious" 
,"engine_name":"Cyren","engine_update":"20210419","engine_ver 
sion”:"6.3.0. 2","method":"blacklist", result” "W32/S- 
58b25de1 IEldorado"’, "SymantecMobilelnsight”: {"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"20210126","engine_version":"2.0","method":"blacklist"},"S 
ymantec".{"category":"malicious","engine_name"."Symantec","eng 
ine_update":"20210419","engine_version":"1.14.0.0","method":"bla 
cklist","result":"PUA. DownloadSponsor't, "ESET- 
NOD32": {"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"20210419","engine_version":"23160"," 
method":"blacklist","result":"a variant of Win32/DownloadGuide.D 
potentially 
unwanted"},"Zoner":{"category":"failure","engine_name":"Zoner","e 
ngine_update":"20210419","engine_ version”:"0.0.0. 0","method": "| 
acklist"},"TrendMicro- 
HouseCall":{"category":"undetected","engine_name":"TrendMicro- 
HouseCall","engine_update":"20210419","engine_version":"10.0.0 
-1040","method":"blacklist"},"Avast":{"category":"undetected" "engi 
ne_name":"Avast","engine_update":"20210419","engine_version": 
"21.1.5827.0","method":"blacklist"},"ClamAV":{"category": "maliciou 
s","engine_name":"ClamAV","engine_update":"20210419","engine 
_version":"0.103.2.0", "method": "blacklist","result":"Win. Maiware.D 
ownloadguide-6803841 - 
0"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersk 
y","engine_update":"20210419" engine_version":"21 .0.1.45","met 
hod":"blacklist","result":"not-a- 
virus: HEUR:Downloader.Win32.DownloaderGuide.gen"},"BitDefen 
der":{"category":"malicious","engine_name":"BitDefender","engine 
_update":"20210419","engine_version":"7.2","method":"blacklist","r 
esult": "Gen:Variant. Application. Bundler.DownloadGuide. 48"}, "NA 
NO-Antivirus":{"category":"malicious","engine_name":"NANO- 


NO-Antivirus":{"category":"malicious","engine_name":"NANO- 
Antivirus","engine_update":"20210419","engine_version":"1.0.146. 
25279","method": "blacklist","result": "Riskware.Win32.Covus. iS 
},"Paloalto":{"category": "undetected" ,"engine_name":"Paloalto","e 
gine_update":"20210420","engine_version":"1.0","methoa": "plackli 
st"},"AegisLab":{"category":"undetected","engine_name":"AegisLa 
b","engine_update":"20210419","engine_version":"4.2","method":" 
blacklist"},"Rising":{"category":"malicious","engine_| name": "Rising", 
"engine_update":"20210419","engine_version":"25.0.0.26","metho 
d":"blacklist","result":" Adware. DownloadGuide!1.A1DB 
(RDMK: cmRtazoekWvSNMJPMSQaRHTxbz3i)"t, "Ad- 
Aware":{"category":"malicious","engine_name":"Ad- 
Aware","engine_update":"20210419","engine_version":"3.0.16.117 
""method":"blacklist","result":"Gen:Variant.Application.Bundler.Do 
wnloadGuide. 48"}, "Trustlook": {"category":"type- 
unsupported","engine_name":"Trustlook","engine_update":"20210 
420","engine_version":"1.0","method":"blacklist"},"TACHYON":{"ca 
tegory":"undetected","engine_name":"TACHYON","engine_update 
":"20210419","engine_version":"2021 -04- 
19.02","method":"blacklist"},"Emsisoft":{"category":"malicious","en 
gine_ name": "Emsisoft","engine_update":"20210419","engine_| vers 
ion":"2018.12.0.1641","method":"blacklist","result": "Gen:Variant. Ap 
plication.Bundler. DownloadGuide.48 
(B)"},"Comodo":{"category":"malicious","engine_name":"Comodo", 
"engine_update":"20210419", "engine_version"."33453","method":" 
blacklist","result": "Application. Win32.DownloadGuide.A@7y5gwx"} 
,"F-Secure":{"category":"undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2","method":"blacklist"},"Baidu":{"category":"undetected","engine_ 
name":"Baidu" ,"engine_update":"20190318","engine_version":"1.0 
.0.2","method":"blacklist"},"Zillya":{"category":"malicious","engine_ 
name": "Zillya","engine_update":"20210419","engine_version":"2.0. 
0.4345","method":"blacklist","result": "Backdoor.Bladabindi.Win32. 
18541"},"TrendMicro":{"category":"undetected","engine_name":"Tr 
endMicro","engine_update":"20210330" "engine. version":"11.0.0. 
1006","method":"blacklist"},"McAfee-GW- 
Edition": {"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update":"20210419","engine_version":"v2019.1.2 
+3728", "method": "placklist","result": "BehavesLike.Win32. Suspicio 
us.hh"},"Trapmine":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023", "method": "blacklist"},"CMC":{" 
category”: "undetected","engine_| name":"CMC" ,"engine_update":"2 
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"malicious","engine_| name": "Sophos","engine_u 
pdate": "20210419","engine_version":"1.0.2.0","method":"blacklist", 
"result":"DownloadGuide 
(PUA)"},"Ikarus":{"category":"malicious",""engine_name":"Ikarus","e 
ngine_update":"20210419","engine_ version":"0.1.5. 2","method": "bl 
acklist","result":"PUA.DownloadGuide"},"GData": {"category": "malic 
ious" "engine _ name":"GData","engine_update":"20210419","engin 
e_version":"A:25.29375B:27.22720","method":"blacklist", "result":" 
Win32.Application.DownloadGuide. iy "Jiangmin":{' 'category": "mal 
icious","engine_name":"Jiangmin","engine_update":"20210419","e 
ngine_version":"16.0.100","method":"blacklist","result": "Dawnlogde 
r.DownloaderGuide.agk"}, "eGambit": {"category":"malicious","engin 
e_name":"eGambit","engine_update":"20210420","method":"blackl 
ist","result":"Unsafe.Al_Score_100%'"},"Avira":{"category":"undetec 
ted" ,"engine_name":"Avira","engine_update":"20210419","engine_ 
version":"8.3.3.12","method":"blacklist"},"Antiy- 
AVL":{"category": "undetected" ,"engine_name":"Antiy- 
AVL","engine_update":"20210419","engine_version":"3.0.0.1","met 
hod": "blacklist’}, "Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210420","engine_version":"2017. 
9. 26.565","method":"blacklist"}, "Gridinsoft": {"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210419","engine_ 
version":"1.0.37.128", "method": "placklist","result": "Adware.Win32. 
Downloader.vb!s1"}, "Arcabit": {"category":"malicious","engine_nam 
e":"Arcabit","engine_update":"20210419","engine_version":"1.0.0. 
881 ""method":"blacklist","result":"Trojan.Application.Bundler. Dow 
nloadGuide.48"},"ViRobot":{"category":"undetected","engine_nam 
e":"ViRobot","engine_update":"20210419","engine_version":"2014. 
3, 20.0", "method": "blacklist"},"ZoneAlarm": {"category": "undetected" 
,"engine_name":"ZoneAlarm","engine_update":"20210419","engin 
e. version":"1.0","method": "blacklist"}, "Avast- 
Mobile":{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210419","engine_version":"210419- 
00","method":"blacklist"},"Microsoft":{"category":"malicious","engin 


00", "method": "blacklist’}, "Microsoft" :{"category":"malicious","engin 
e_name":"Microsoft","engine_update":"20210419","engine_versio 
n”:"1.1.18000.5","method":"blacklist","result":"PUA:Win32/Downlo 
adGuide"), "Cynet”: {"category": "malicious" ,"engine_name":"Cynet", 
"engine_update":"20210412","engine_version":"4.0.0.27","method 
"""blacklist","result":"Malicious (score: 
100)"}, "BitDefenderFalx": {"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update":" 
20200916" "engine _ version": "2. 0.936", "method": "placklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"2021 041 9","engine_version":"3.19.7.10132" 
,"method":"blacklist","result": "PUP/Win32. DownloadGuide. R24528 
9"},"Acronis":{"category":"undetected","engine_name":"Acronis","e 
ngine_update":"20210211","engine_ version":"1.1.1. 81","method":" 
blacklist"},"McAfee":{"category":"malicious","engine_| name":"McAf 
ee","engine_update":"20210419","engine_version":"6.0.6.653","m 
ethod":"blacklist","result":"PUP- 
FXK"},"MAX":{"category":"malicious","engine_name":"MAX","engin 
e_update":"20210420","engine_version":"2019.9.16.1","method":" 
blacklist","result":"malware (ai 
score\u003d77)"},"VBA32":{"category":"malicious","engine_name": 
"VBA32","engine_update":"20210419","engine_version":"5.0.0","m 
ethod":"blacklist","result":"Downloader.DownloaderGuide"},"Malwa 
rebytes":{"category":"malicious","engine_name":"Malwarebytes","e 
ngine_| update": "20210419","engine_version":"4.2.2.27","method": ” 
blacklist","result":"Adware. Downloader"},"APEX":{"category": "unde 
tected" "engine name":"APEX","engine_update":"20210419","engi 
ne _version": LOS On "method": "blacklist, "Tencent":{"category":"u 
ndetected"," ‘engine_name":"Tencent","engine_update":"20210420" 
engine version":"1.0.0. 1","method": "blacklist’?, "Yandex":{"catego 
y":"undetected","engine_| name":"Yandex", "engine_update":"2021 
04 5","engine_version":"5.5.2.24", "method": "placklist"},"SentinelO 
e":{' 'category”: "malicious", "engine name":"SentinelOne","engine 
“update” "20210215","engine_version":"5.0.0.20","method":"blackl 
ist","result":"Static Al - Malicious 
EH "MaxSecure": {"category":"malicious","engine_name":"MaxSe 
cure","engine_update":"20210417" "engine_version":"1 .0.0.1","me 
thod": "placklist","result":"Trojan.Malware. 121218.susgen"},"Fortine 
t":{"category": "malicious" ,"engine_name":"Fortinet","engine_updat 
e":"20210419","engine_version":"6.2.142.0","method":"blacklist","r 
esl" "Riskware/DownloaderGuide"}, "Webroot": {"category":"malici 
ous","engine_name":"Webroot","engine_update":"20210420","engi 
ne_version": "4.0.0.403" “method":"blacklist","result":"Pua.Freemiu 
m"},"Panda":{"category": "undetected","engine_name":"Panda","en 
gine_update":"20210419","engine_version":"4.6.4.2","method":"bla 
cklist"},"Qihoo- 
360":{"category":"malicious","engine_name":"Qihoo- 
360","engine_update":"2021 0420","engine_version":"1 ORONO us 
method":"blacklist”,""result":"HEUR/QVM1 0.1.B2DB.Malware.Gen"} 
},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":1,"harmless":0,"malicious":44,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":23},"last_modification_date":"161898 
4923","last_submission_date":"1618878038","md5":"518b6774c6c 
b08cac76fc79294bcad02" ,"meaningful_ name":"518b6774c6cb08c 
ac76fc79294bcad02.virus","names":["518b6774c6cb08cac76ic792 
94bcad02.virus"], "reputation": "0" "sha1":"38ef4e45c1 8cb700b72dc 
dabc8e70b3139ad4b2d","sha256":"99d488492 1 df6b98cf3ca2aal 
31b4ca1aad7961ad5b0552167de684e0333df89","size":"559864"," 
pect ["peexe", "signed","overlay"],"times_submitted":"1 ""total_vot 
s":{"harmless":"0", "malicious": "O"},"type_description":"Win32 
EXE" ,"type_tag":"peexe","unique_sources":"1","vhash":"05505665 
7d15555091z212800647z80f5z3010036fz","authentihash":"7bb28 
ac19b7178f9ba409db32a40195e727b842cda2ec6tf2057fa7104e5 
49e2","magic":"PE32 executable for MS Windows (GUI) Intel 
80386 32- 
bit","pe_info":{"entry_point":"85052","imphash":"c581e778ba559d8 
e6a1073ed4b1 45b6F","import_list":[{"imported_functions":["GetSav 
eFileNameW","GetOpenFileNameW"],"library_name":"COMDLG3 
2.dll"},{"imported_functions":["GetDeviceCaps","DeleteDC","Select 
Object","GetStockObject","CreateSolidBrush","GetObjectW","Crea 
teCompatibleDC","DeleteObject"],"library_name":"GDI32.dll"},{"im 
ported_functions":["RegCreateKeyExW","RegDeleteValueW","Reg 
CloseKey","RegSetValueExW","RegQueryInfokKeyW","RegEnumK 
eyExW","RegOpenkKeyExW","RegDeleteKeyW","RegQueryValueE 
xW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetS 
tdHandle","InterlockedPopEntrySList","WaitForSingleObject","Enc 
odePointer","DeleteCriticalSection","GetCurrentProcess","GetCon 


odePointer","DeleteCriticalSection","GetCurrentProcess","GetCon 
soleMode","LocalAlloc","FreeEnvironmentStringsW","SetStdHandl 
e","GetCPInfo","WriteFile","GetSystemTimeAsFileTime","HeapRe 
Alloc","GetStringTypeW","FreeLibrary","InterlockedPushEntrySList 
"""LoadResource","FindClose","InterlockedDecrement","GetFullPa 
thNameW","DebugBreak","SetLastError","TlsGetValue","OutputDe 
bugStringW","GetModuleFileNameW","|sDebuggerPresent","Heap 
Alloc","IstrempiW","HeapSetInformation","UnhandledExceptionFilt 
er","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx"," 
FlushInstructionCache","SetUnhandledExceptionFilter","MulDiv","| 
sProcessorFeaturePresent","DecodePointer","TerminateProcess", 
"GlobalAlloc","SetEndOfFile","GetCurrentThreadld","LeaveCritical 
Section","WriteConsoleW","InitializeCriticalSectionAndSpinCount", 
"HeapFree","EnterCriticalSection","SetHandleCount","LoadLibrary 
W","GetOEMCP","QueryPerformanceCounter","GetTickCount","TI 
sAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetFileSiz 
e","GetStartupInfoW","GlobalLock","GetProcessHeap","GetT empF 
ileNameW","FindNextFileW","FindFirstFileW","|strcmpW","GetProc 
Address","CreateEventW","CreateFileW","GetFileType","TlsSetVal 
ue","ExitProcess","InterlockedIncrement","GetLastError","LCMapS 
tringW","IstrlenA","GetConsoleCP","GetEnvironmentStringsW","Gl 
obalUnlock","IstrlenW","SizeofResource","GetCurrentProcessld"," 
GetCommandLineW","WideCharToMultiByte","HeapSize","Interloc 
kedCompareExchange","RaiseException","MapViewOfFile","TIsFr 
ee","SetFilePointer","ReadFile","CloseHandle","GetACP","GetMod 
uleHandleW","GetFileAttributesExW'","IsValidCodePage","HeapCr 
eate","FindResourceW","VirtualFree","Sleep","VirtualAlloc"],"librar 
y_name":"KERNEL82.dll"},{"imported_functions":["LoadRegTypeLi 
b","VariantChangeType","SysStringLen","SysStringByteLen","Var 
BstrCat","VariantClear","SysAllocString","OleCreateFontIndirect"," 
DispCallFunc","VariantCopy","LoadTypeLib","SysFreeString","Sys 
AllocStringByteLen","Variantlnit","VarUl4FromStr'],"library_name": 
"OLEAUT32.dll"},{"imported_functions":["Shell_NotifylconW","Com 
mandLineToArgvW","DoEnvironmentSubstW"],"library_name":"SH 
ELL32.dll"},{"imported_functions":["CreateStreamOnHGlobal","Ole 
LockRunning","Olelnitialize","CoTaskMemRealloc","CoCreatelnsta 
nce","OleUninitialize","CoTaskMemFree","CoTaskMemAlloc"],"libr 
ary_name":"ole32.dll"},{"imported_functions":["PathFileExistsW"],"| 
ibrary_name":"SHLWAPI.dIl"},{"imported_functions":["SetFocus"," 
RegisterWindowMessageW","GetMonitorlnfoW","GetClassInfoEx 
W","RedrawWindow","BeginPaint","DefWindowProcW","KillTimer", 
"GetMessageW","ShowWindow","MapWindowPoints","GetParent" 
,"SetWindowLongW","IsWindow","PeekMessageW","GetWindowR 
ect","EndPaint","UpdateWindow","MoveWindow","SetWindowPos" 
,"TranslateMessage","GetWindowTextLengthW","PostMessageW" 
,"GetSysColor","DispatchMessageW","GetDC","ReleaseDC","Sen 
dMessageW","UnregisterClassA","GetWindowLongW","|sWindow 
Visible" ,"SetWindowTextW","GetDigltem","GetWindow","Loadima 
geW","MonitorFromWindow","ClientToScreen","InvalidateRect","S 
etTimer","CallWindowProcW","GetClassNameW","FillRect","Creat 
eAcceleratorTableW","GetWindowTextW","GetDesktopWindow'"," 
LoadCursorW","LoadiconW","GetFocus","CreateWindowExW","R 
egisterClassExW","GetClientRect","CharNextW","IsChild","Destro 
yWindow"],"library_name":"USER32.dll"}],"machine_type":"332","0 
verlay":{"chi2":6487.34716796875,"entropy":7.583786487579346, 
"filetype":"Data","md5":"a94f03924e50eea0b50981 777b709af5","0 
ffset":"552960","size":"6904"},"resource_details":[{"chi2":206692.8 
125,"entropy":5.394310474395752,"filetype":"Data","lang":"NEUT 
RAL","sha256":"abcb0193ed76d190556c37481 36be9e0230f2bf5e 
244d104d00ac77d921 068ac","type":"RT. _ICON"}, {"chi2": 80781.07 
8125,"entropy" '5.588585376739502 ,"filetype":"Data","lang":"NEU 
TRAL","sha256":"cd664a1691a50e28a0fac9b5431 8be7be51d6d1 
e¢383b777e32b654e04ab5305" ,"type":"RT _|CON"}, {"chi2":15863. 
77441 40625,"entropy":5.9216437339782715,"filetype":"Data","lan 
g":"N EUTRAL","sha256":"149e12281 09b9cd360242bfe031c26149 
54628287c7b78c7578ba69a878af49", "type":"RT_ICON"},{"chi2": 
3685.33251953125,"entropy":2. 458492040634 1553, "filetype":"Dat 
a","lang":"NEUTRAL","sha256":"77a1efb61 36f52dd2372987b1 3bf 
486aa/Sbaeacb9abad009aa3e284c57b8604", "type":"RT_GROUP 
_ICON"},{"chi2":19078.84765625,"entropy":2.966618061065674,"f 
iletype":"Data","lang": "NEUTRAL","sha256":"ddee1 9afcc2b01d589 
ef6ffdat a4f3d29b7edfcb9ae22ca4d39ce46f6ba76752", "type":"RT 
_VERSION"}, {"chi2":3945.591796875,"entropy":4. 8845167160034 
18,"filetype":"application/xml","lang":"NEUTRAL","sha256":"82816 
86a72cc9cc6 15c7a4835862ce780b83379b32a9 1 7a65b59c2b2a 
13b94f" ,"type":"RT_MANIFEST"}],"resource_langs": Aa a 
6"},"resource_types":{"RT_ICON":"3","RT_MANIFEST":"1","RT_V 
ERSION":"1",""RT_GROUP_ICON":"1"},"sections":[{"chi2": 191661 


ERSION":"1","RT_GROUP_ICON":"1"},"sections":[{"chi2":191661 
S5y: entropy" :6.56,"flags":"rx","md5":"66fb890b6815e40e6282ea 
451 878b382", “name":" text", "raw size":"361472","virtual_address" 
"4096", "virtual_size": "361286"},{"chi2":890169.38,"entropy":7. ue i 
flags":"r","md5": ""d8a20660cb464e3dff63f62da0282331","name":". 
data", "raw size":"138240","virtual_address":"368640", "virtual ize 
me "137808", {"chi2": 730928.75 ,"entropy":3.94,"flags": "ew","md5":"7 
b335a4c050ac3f0c98 1d08e158d44de","name":".data", "raw size":" 
8704","virtual_address":"507904", "virtual_size":"1 8560"},{"chi2":36 
4092.38,"entropy":5.49,"flags":"r","md5":"7bbdeccccOcf96f0d7502 
1077ab6b1 1 0","name": ib -rsrc", "raw size":"16384","virtual_address" 
"528384", "virtual |_size":"16064"},{"chi2":517750.28,"entropy":5.83, 
“flags":"r" ,"md5":"87fa0adc7813e1 f2f485deec07d8b5eb","name":". 
reloc", "raw size":"27136",'"virtual_address":"544768", "virtual size" 
"26894")], "timestamp": "4542344584"}, "signature_| info": {"signers":" 
WeQ Influencers GmbH; Sectigo RSA Code Signing CA; 
USERTrust RSA Certification Authority; Sectigo (AAA)","signers 
details":[{"algorithm":"sha256RSA", "cert issuer":"Sectigo RSA 
Code Signing CA","name":"WeQ Influencers GmbH","serial 
number":"7B 3F 3A 3A BA DO E5 4A 4C F5 72 08 31 D3 7A 
4F","status":"Valid","thumbprint":"CC4AD630AA5C31B407D96FF 
50DC8445F76BEF5EC", "valid from":"12:00 AM 03/17/2021","valid 
to":"11:59 PM 03/17/2022","valid usage":"Code 
Signing"},{"algorithm": "sha384RSA", "cert issuer":"USERTrust RSA 
Certification Authority","name": "Sectigo RSA Code Signing 

ee well number":"1D A2 48 30 6F 9B 26 18 DO 82 E0 96 7D 


6A","status":"Valid","thumbprint":"94C95DA1E850BD85209A4A2A 
F3E1FB1604F9BB66","valid from":"12:00 AM 11/02/2018","valid 
to":"11:59 PM 12/31/2030","valid usage":"Code Signing, 
Timestamp Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA 
Certificate Services","name":"USERTrust RSA Certification 
Authority","serial number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 
DD 31 35 
95","status":"Valid","thumbprint":"D89E3BD43D5D909B47A1 8977 
AA9D5CE36CEE184C", "valid from":"12:00 AM 03/12/2019","valid 
to":"11:59 PM 12/31/2028","valid 
usage":"All"},{"algorithm":"sha1RSA","cert issuer":"AAA Certificate 
Services","name":"Sectigo (AAA)", "serial 
number":"01","status":"Valid","thumbprint":"D1 Rae 7D68F 
D92564C2F1F1601764D8E349","valid from":"12:00 A 
01/01/2004","valid to":"11:59 PM 12/31/2028","valid orn 
Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC 
User, Server Auth, Timestamp Signing"}],"signing date":"12:21 AM 
04/20/2021", "verified":"Signed","x509":[{"algorithm":"sha1 RSA","c 
ert issuer":"AAA Certificate Services","name":"AAA Certificate 
Services","serial 
number":"01","thumbprint":"D1EB23A46D17D68FD92564C2F1F1 
601764D8E349","valid from":"2004-01-01 00:00:00","valid 
to":"2028-12-31 23:59:59"},{"algorithm”": "sha256RSA", "cert 
issuer":"Sectigo RSA Code Signing CA","name":"WeQ Influencers 
ome ce number":"7B 3F 3A 3A BA DO E5 4A 4C F5 72 08 
4F","thumbprint":"CC4AD630AA5C31B407D96FF50DC8445F76B 
EF5EC", "valid from":"2021-03-17 00:00:00","valid to":"2022-03-17 
23:59:59","valid_usage":"Code 
Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA Certificate 
Services","name":"USERTrust RSA Certification Authority","serial 
number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 
95","thumbprint":"D89E3BD43D5D909B47A18977AA9D5CE36CE 
E184C","valid from":"2019-03-12 00:00:00","valid to":"2028-12-31 
23:59:59"} {"algorithm":"sha384RSA","cert issuer":"USERTrust 
RSA Certification Authority","name":"Sectigo RSA Code Signing 
ee number":"1D A2 48 30 6F 9B 26 18 DO 82 E0 96 7D 


6A","thumbprint":"94C95DA1 E850BD85209A4A2AF3E1FB1604F 
9BB66","valid from":"2018-11-02 00:00:00","valid to":"2030-12-31 
23:59:59","valid_usage":"Code Signing, Timestamp 
Signing"}]},"ssdeep":"12288:W4fmuV/2SIl1MCAHab5I0OWozQsmk 
nY87Z1 EPcIMkc9A7Z2:W42DMCA6b5fWQmknY87LEPcl9n","trid 
"[{"file_type":"Win32 Executable MS Visual C++ 
(generic)","probability":48.8},{"file_type":"Win64 Executable 
(generic)","probability":16.4},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":10.2},{"file_type":"Win16 NE 
executable (generic)","probability":7.8},{"file_type":"Win32 
Executable 

(generic)","probability":7.0}]},"id":"99d4884921 df6b98cf8ca2aal1 31 
b4ca1aad7961ad5b0552167de684e0333df89","links":{"self":"https 


b4ca1aad7961ad5b0552167de684e0333df89","links":{"self":"https 
‘//www.virustotal.com/api/v3/files/99d4884921 df6b98cf3ca2aal 31 
b4ca1aad7961ad5b0552167de684e0333df89"},"type":"file"} 


View on VirusTotal

GUI Url: https://www.virustotal.com/gui/file/99d4884921df6b98cf3ca2aa131b4ca1aad7961ad5b0552167de684e0333df89

File Summary

Names                    518b6774c6cb08cac76fc79294bcad02.virus
File Type                peexe
File Type Description    Win32 EXE
Tags                     peexe, signed, overlay
Times Submitted          1

TrID - file type identification tool

File Type                                   Probability %
Win32 Executable MS Visual C++ (generic)    48.8
Win64 Executable (generic)                  16.4
Win32 Dynamic Link Library (generic)        10.2
Win16 NE executable (generic)                7.8
Win32 Executable (generic)                   7.0

VirusTotal Analysis Summary
Aggregate Result    malicious - 44 / 73

VirusTotal Analysis Stats

Analysis Type        Number of Analyses
Confirmed Timeout    0
Failure              1
Harmless             0
Malicious            44
Suspicious           0
Timeout              0
Type Unsupported     5
Undetected           23
Total                73

Community Votes
Total votes cast: 0
VirusTotal File
maltego.virustotal.File

3035ae462a94106ef40d74b3e219c618.virus

Weight                   108

File Id                  bc0c5d8bf40673200246137927121b738190043a5ded8c13cfb0ed92340dd5eb
File Type                PEEXE
File Type Description    Win32 EXE
MD5                      3035ae462a94106ef40d74b3e219c618
SHA-1                    efa12d76c90a0702f7163770b68f2a680be6094a
SHA-256                  bc0c5d8bf40673200246137927121b738190043a5ded8c13cfb0ed92340dd5eb
Vhash                    055056657d155550912212800647z80f5z3010036fz
Authentihash             4dbb41d4b85bdd23da051b158f4dcfc144b780b9de3d5373ba2ad74ad3587083
SSDEEP                   12288:h4fmuV/2S1l11MCAHab51I0OWozQsmknY87Z1EPcIMkc9A7Z2:h42DMCA6b5fWQmknY87LEPcl9nl
Magic                    PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File Size                560648
Tags                     peexe, signed, overlay, direct-cpu-clock-access, checks-network-adapters, runtime-modules
Capability Tags          null
Downloadable
Creation Date            2018-11-16T05:03:04Z
First Submission Date    2021-04-17T15:17:39Z
Last Submission Date     2021-04-17T15:17:39Z
Last Analysis Date       2021-04-20T12:32:11Z
Total Votes - Harmless
Total Votes - Malicious
Submissions


Raw VirusTotal record (API v3 file object; the JSON was line-wrapped in the export and is shown here decoded field by field)

Identity
id / sha256              bc0c5d8bf40673200246137927121b738190043a5ded8c13cfb0ed92340dd5eb
sha1                     efa12d76c90a0702f7163770b68f2a680be6094a
md5                      3035ae462a94106ef40d74b3e219c618
meaningful_name          3035ae462a94106ef40d74b3e219c618.virus
names                    3035ae462a94106ef40d74b3e219c618.virus
size                     560648
type_description         Win32 EXE
type_tag                 peexe
magic                    PE32 executable for MS Windows (GUI) Intel 80386 32-bit
vhash                    055056657d155550912212800647z80f5z3010036fz
authentihash             4dbb41d4b85bdd23da051b158f4dcfc144b780b9de3d5373ba2ad74ad3587083
ssdeep                   12288:h4fmuV/2S1l1MCAHab51I0OWozQsmknY87Z1EPcIMkc9A7Z2:h42DMCA6b5fWQmknY87LEPcl9nl
tags                     peexe, signed, overlay, direct-cpu-clock-access, checks-network-adapters, runtime-modules
reputation               0
times_submitted          1
unique_sources           1
total_votes              harmless 0, malicious 0
links.self               https://www.virustotal.com/api/v3/files/bc0c5d8bf40673200246137927121b738190043a5ded8c13cfb0ed92340dd5eb
type                     file

Dates (epoch seconds; decoded UTC in parentheses)
creation_date            1542344584  (2018-11-16T05:03:04Z)
first_submission_date    1618672659  (2021-04-17T15:17:39Z)
last_submission_date     1618672659
last_analysis_date       1618672659
last_modification_date   1618921931  (2021-04-20T12:32:11Z)

last_analysis_stats
confirmed-timeout 0, failure 0, harmless 0, malicious 39, suspicious 0, timeout 3, type-unsupported 5, undetected 26

last_analysis_results (method is "blacklist" for every engine)
Engine                 Update    Version               Category          Result
Bkav                   20210416  1.3.0.9899            undetected
Elastic                20210414  4.0.20                malicious         malicious (high confidence)
DrWeb                  20210417  7.0.49.9080           malicious         Adware.ClickMeIn.9588
MicroWorld-eScan       20210417  14.0.409.0            malicious         Gen:Variant.Application.Bundler.DownloadGuide.48
FireEye                20210417  32.44.1.0             malicious         Generic.mg.3035ae462a94106e
CAT-QuickHeal          20210416  14.00                 malicious         Trojan.Mauvaise.SL1
ALYac                  20210417  1.1.3.1               undetected
Cylance                20210417  2.3.1.101             undetected
Zillya                 20210416  2.0.0.4344            malicious         Backdoor.Bladabindi.Win32.18541
SUPERAntiSpyware       20210416  5.6.0.1032            malicious         PUP.Bundler/Variant
Sangfor                20210416  2.9.0.0               malicious         Win.Malware.Downloadguide-6803841-0
K7AntiVirus            20210417  11.176.36957          malicious         Riskware ( 0040eff71 )
Alibaba                20190527  0.3.0.5               undetected
K7GW                   20210417  11.176.36957          malicious         Riskware ( 0040eff71 )
Cybereason             20210330  1.2.449               malicious         malicious.62a941
BitDefenderTheta       20210414  7.2.37796.0           undetected
Cyren                  20210417  6.3.0.2               malicious         W32/S-558ae90b!Eldorado
SymantecMobileInsight  20210126  2.0                   type-unsupported
Symantec               20210417  1.14.0.0              timeout
ESET-NOD32             20210417  23148                 malicious         a variant of Win32/DownloadGuide.D potentially unwanted
APEX                   20210416  6.153                 undetected
Avast                  20210417  21.1.5827.0           undetected
ClamAV                 20210417  0.103.2.0             malicious         Win.Malware.Downloadguide-6803841-0
Kaspersky              20210417  21.0.1.45             malicious         not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
BitDefender            20210417  7.2                   malicious         Gen:Variant.Application.Bundler.DownloadGuide.48
NANO-Antivirus         20210417  1.0.146.25279         malicious         Riskware.Win32.Covus
Paloalto               20210417  1.0                   undetected
ViRobot                20210417  2014.3.20.0           undetected
Rising                 20210417  25.0.0.26             timeout
Ad-Aware               20210417  3.0.16.1175           undetected
Trustlook              20210417  1.0                   type-unsupported
Sophos                 20210417  1.0.2.0               malicious         DownloadGuide (PUA)
Comodo                 20210416  33445                 malicious         Application.Win32.DownloadGuide.A@7y5gwx
F-Secure               20210331  12.0.86.52            undetected
Baidu                  20190318  1.0.0.2               undetected
VIPRE                  20210417  97898                 malicious         Trojan.Win32.Generic!BT
TrendMicro             20210330  11.0.0.1006           undetected
McAfee-GW-Edition      20210417                        timeout
Trapmine               20200727  3.5.0.1023            type-unsupported
CMC                    20210327  2.10.2019.1           undetected
Emsisoft               20210417  2018.12.0.1641        malicious         Application.Downloader (A)
Ikarus                 20210417  0.1.5.2               malicious         PUA.DownloadGuide
GData                  20210417  A:25.29345B:27.22690  malicious         Win32.Application.DownloadGuide.C
Jiangmin               20210416  16.0.100              malicious         Downloader.DownloaderGuide.agk
eGambit                20210417                        malicious         Unsafe.AI_Score_100%
Avira                  20210417  8.3.3.12              undetected
MAX                    20210417  2019.9.16.1           malicious         malware (ai score=76)
Kingsoft               20210417  2017.9.26.565         undetected
Gridinsoft             20210417  1.0.37.128            malicious         PUP.Downloader.dd!c
Arcabit                20210417  1.0.0.881             undetected
AegisLab               20210417  4.2                   undetected
ZoneAlarm              20210417  1.0                   malicious         not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
Avast-Mobile           20210417  210417-00             type-unsupported
Microsoft              20210417  1.1.18000.5           malicious         PUA:Win32/DownloadGuide
Cynet                  20210412  4.0.0.27              malicious         Malicious (score: 100)
BitDefenderFalx        20200916  2.0.936               type-unsupported
AhnLab-V3              20210417  3.19.7.10132          malicious         PUP/Win32.DownloadGuide.R245289
Acronis                20210211                        undetected
McAfee                 20210417  6.0.6.653             malicious         PUP-FXK
TACHYON                20210417  2021-04-17.02         undetected
VBA32                  20210416  5.0.0                 malicious         Downloader.DownloaderGuide
Malwarebytes           20210415  4.2.1                 malicious         PUP.Optional.DownloadGuide
Zoner                  20210416  0.0.0.0               undetected
TrendMicro-HouseCall   20210417  10.0.0.1040           undetected
Tencent                20210417  1.0.0.1               undetected
Yandex                 20210415  5.5.2.24              undetected
SentinelOne            20210215  5.0.0.20              malicious         Static AI - Malicious PE
MaxSecure              20210417  1.0.0.1               malicious         Trojan.Malware.121218.susgen
Fortinet               20210417  6.2.142.0             malicious         Riskware/DownloaderGuide
Webroot                20210417  1.0.0.403             malicious         Pua.Freemium
Panda                  20210417  4.6.4.2               undetected
CrowdStrike            20210203  1.0                   malicious         win/malicious_confidence_100% (D)
Qihoo-360              20210417  1.0.0.1120            undetected

pe_info
entry_point              85052
imphash                  c581e778ba559d8e6a1073ed4b145b6f
machine_type             332 (IMAGE_FILE_MACHINE_I386)
timestamp                1542344584

import_list
COMDLG32.dll   GetSaveFileNameW, GetOpenFileNameW
GDI32.dll      GetDeviceCaps, DeleteDC, SelectObject, GetStockObject, CreateSolidBrush, GetObjectW, CreateCompatibleDC, DeleteObject
SHELL32.dll    Shell_NotifyIconW, CommandLineToArgvW, DoEnvironmentSubstW
KERNEL32.dll   GetStdHandle, InterlockedPopEntrySList, WaitForSingleObject, EncodePointer, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, LocalAlloc, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, FreeLibrary, InterlockedPushEntrySList, LoadResource, FindClose, InterlockedDecrement, GetFullPathNameW, DebugBreak, SetLastError, TlsGetValue, OutputDebugStringW, GetModuleFileNameW, IsDebuggerPresent, HeapAlloc, lstrcmpiW, HeapSetInformation, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, SetFilePointerEx, FlushInstructionCache, SetUnhandledExceptionFilter, MulDiv, IsProcessorFeaturePresent, DecodePointer, TerminateProcess, GlobalAlloc, SetEndOfFile, GetCurrentThreadId, LeaveCriticalSection, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetOEMCP, QueryPerformanceCounter, GetTickCount, TlsAlloc, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetFileSize, GetStartupInfoW, GlobalLock, GetProcessHeap, GetTempFileNameW, FindNextFileW, FindFirstFileW, lstrcmpW, GetProcAddress, CreateEventW, CreateFileW, GetFileType, TlsSetValue, ExitProcess, InterlockedIncrement, GetLastError, LCMapStringW, lstrlenA, GetConsoleCP, GetEnvironmentStringsW, GlobalUnlock, lstrlenW, SizeofResource, GetCurrentProcessId, GetCommandLineW, WideCharToMultiByte, HeapSize, InterlockedCompareExchange, RaiseException, MapViewOfFile, TlsFree, SetFilePointer, ReadFile, CloseHandle, GetACP, GetModuleHandleW, GetFileAttributesExW, IsValidCodePage, HeapCreate, FindResourceW, VirtualFree, Sleep, VirtualAlloc
OLEAUT32.dll   LoadRegTypeLib, VariantChangeType, SysStringLen, SysStringByteLen, VarBstrCat, VariantClear, SysAllocString, OleCreateFontIndirect, DispCallFunc, VariantCopy, LoadTypeLib, SysFreeString, SysAllocStringByteLen, VariantInit, VarUI4FromStr
ADVAPI32.dll   RegCreateKeyExW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegDeleteKeyW, RegQueryValueExW
ole32.dll      CreateStreamOnHGlobal, OleLockRunning, OleInitialize, CoTaskMemRealloc, CoCreateInstance, OleUninitialize, CoTaskMemFree, CoTaskMemAlloc
SHLWAPI.dll    PathFileExistsW
USER32.dll     SetFocus, RegisterWindowMessageW, GetMonitorInfoW, GetClassInfoExW, RedrawWindow, BeginPaint, DefWindowProcW, KillTimer, GetMessageW, ShowWindow, MapWindowPoints, GetParent, SetWindowLongW, IsWindow, PeekMessageW, GetWindowRect, EndPaint, UpdateWindow, MoveWindow, SetWindowPos, TranslateMessage, GetWindowTextLengthW, PostMessageW, GetSysColor, DispatchMessageW, GetDC, ReleaseDC, SendMessageW, UnregisterClassA, GetWindowLongW, IsWindowVisible, SetWindowTextW, GetDlgItem, GetWindow, LoadImageW, MonitorFromWindow, ClientToScreen, InvalidateRect, SetTimer, CallWindowProcW, GetClassNameW, FillRect, CreateAcceleratorTableW, GetWindowTextW, GetDesktopWindow, LoadCursorW, LoadIconW, GetFocus, CreateWindowExW, RegisterClassExW, GetClientRect, CharNextW, IsChild, DestroyWindow

sections
Name     Flags  Raw size  Virtual address  Virtual size  Entropy  Chi2        MD5
.text    rx     361472    4096             361286        6.56     1916618.75  66fb890b6815e40e6282ea451878b382
.rdata   r      138240    368640           137808        7.29     890169.38   d8a20660cb464e3dff63f62da0282331
.data    rw     8704      507904           18560         3.94     730928.75   7b335a4c050ac3f0c981d08e158d44de
.rsrc    r      16384     528384           16064         5.49     364092.38   7bbdecccc0cf96f0d75021077ab6b110
.reloc   r      27136     544768           26894         5.83     517750.28   37fa0adc7813e1f2f485deec07d8b5eb

overlay
filetype Data, offset 552960, size 7688, entropy 7.646018981933594, chi2 5983.025390625, md5 9661a7e23bdc349503a72ec61be15bf7

resource_details (all lang NEUTRAL)
Type           Filetype         Entropy             Chi2              SHA-256
RT_ICON        Data             5.394310474395752   206692.8125       abcb0193ed76d190556c374813​6be9e0230f2bf5e244d104d00ac77d921068ac
RT_ICON        Data             5.588585376739502   80781.078125      cd664a1691a50e28a0fac9b54318be7be51d6d1e6383b777e32b654e04ab5305
RT_ICON        Data             5.9216437339782715  15863.7744140625  149e1228109b9cd360242bfe031c26f4oe4628287c7b78c7578ba69a878ali49
RT_GROUP_ICON  Data             2.4584920406341553  3685.33251953125  77a1efb6136152dd2372987b1i86aa75baeacb93bad009aa3e284c57b8694
RT_VERSION     Data             2.966618061065674   19078.84765625    ddee19afcc2b01d589efffda1a4f3d29b7edfcb9ae22ca4d39ce46f6ba76752
RT_MANIFEST    application/xml  4.884516716003418   3945.591796875    82816c86a72cc9cc615c7a4835862ce780b83379b32a917a65b59c2b2a13b94f
resource_types   RT_ICON 3, RT_GROUP_ICON 1, RT_VERSION 1, RT_MANIFEST 1
resource_langs   NEUTRAL 6

signature_info
signers          COMPUTER BILD Digital GmbH; Sectigo RSA Code Signing CA; USERTrust RSA Certification Authority; Sectigo (AAA)
signing date     03:18 PM 04/17/2021
verified         Signed

signers details
1. COMPUTER BILD Digital GmbH
   algorithm      sha256RSA
   cert issuer    Sectigo RSA Code Signing CA
   serial number  1B 4C B0 DF 7A E6 B2 20 2A 3F F3 0B 5D F7 11 F1
   status         Valid
   thumbprint     2DFBA4833423C59619FA0D146042E6B9D5FBD765
   valid from     12:00 AM 05/12/2020
   valid to       11:59 PM 05/12/2021
   valid usage    Code Signing
2. Sectigo RSA Code Signing CA
   algorithm      sha384RSA
   cert issuer    USERTrust RSA Certification Authority
   serial number  1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 6A
   status         Valid
   thumbprint     94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66
   valid from     12:00 AM 11/02/2018
   valid to       11:59 PM 12/31/2030
   valid usage    Code Signing, Timestamp Signing
3. USERTrust RSA Certification Authority
   algorithm      sha384RSA
   cert issuer    AAA Certificate Services
   serial number  39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 95
   status         Valid
   thumbprint     D89E3BD43D5D909B47A18977AA9D5CE36CEE184C
   valid from     12:00 AM 03/12/2019
   valid to       11:59 PM 12/31/2028
   valid usage    All
4. Sectigo (AAA)
   algorithm      sha1RSA
   cert issuer    AAA Certificate Services
   serial number  01
   status         Valid
   thumbprint     D1EB23A46D17D68FD92564C2F1F1601764D8E349
   valid from     12:00 AM 01/01/2004
   valid to       11:59 PM 12/31/2028
   valid usage    Client Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC User, Server Auth, Timestamp Signing

x509 (the same four certificates, validity as ISO timestamps)
AAA Certificate Services                sha1RSA    issuer AAA Certificate Services                serial 01                                                thumbprint D1EB23A46D17D68FD92564C2F1F1601764D8E349   2004-01-01 00:00:00 to 2028-12-31 23:59:59
COMPUTER BILD Digital GmbH              sha256RSA  issuer Sectigo RSA Code Signing CA             serial 1B 4C B0 DF 7A E6 B2 20 2A 3F F3 0B 5D F7 11 F1  thumbprint 2DFBA4833423C59619FA0D146042E6B9D5FBD765   2020-05-12 00:00:00 to 2021-05-12 23:59:59   valid_usage Code Signing
USERTrust RSA Certification Authority   sha384RSA  issuer AAA Certificate Services                serial 39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 95  thumbprint D89E3BD43D5D909B47A18977AA9D5CE36CEE184C   2019-03-12 00:00:00 to 2028-12-31 23:59:59
Sectigo RSA Code Signing CA             sha384RSA  issuer USERTrust RSA Certification Authority   serial 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 6A        thumbprint 94C95DA1E850BD85209A4A2AF3E1FB1604F9BB66   2018-11-02 00:00:00 to 2030-12-31 23:59:59   valid_usage Code Signing, Timestamp Signing

trid
Win32 Executable MS Visual C++ (generic)  48.8
Win64 Executable (generic)                16.4
Win32 Dynamic Link Library (generic)      10.2
Win16 NE executable (generic)              7.8
Win32 Executable (generic)                 7.0


View on VirusTotal

GUI Url:
https://www.virustotal.com/gui/file/bc0c5d8bf40673200246137927121b738190043a5ded8c13cfb0ed92340dd5eb


File Summary

Names                    3035ae462a94106ef40d74b3e219c618.virus
File Type                peexe
File Type Description    Win32 EXE
Tags                     peexe, signed, overlay, direct-cpu-clock-access, checks-network-adapters, runtime-modules
Times Submitted          1

TrID - file type identification tool

File Type                                    Probability %
Win32 Executable MS Visual C++ (generic)     48.8
Win64 Executable (generic)                   16.4
Win32 Dynamic Link Library (generic)         10.2
Win16 NE executable (generic)                 7.8
Win32 Executable (generic)                    7.0

VirusTotal Analysis Summary
Aggregate Result         malicious - 39 / 73

VirusTotal Analysis Stats

Analysis Type            Number of Analyses
Confirmed Timeout        0
Failure                  0
Harmless                 0
Malicious                39
Suspicious               0
Timeout                  3
Type Unsupported         5
Undetected               26
Total                    73

Community Votes
Total votes cast: 0


Incoming (1)
117.18.232.200
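The aggregate result above is simply the "malicious" count from last_analysis_stats over the engine total, and reading the verdict labels shows that most of the 39 hits on this sample are PUA/bundler names (DownloadGuide, PUP, not-a-virus, Riskware) rather than outright malware, while the file still carries a Sectigo-issued COMPUTER BILD Digital GmbH code-signing certificate that was inside its validity window on the reported signing date. The Python below is an added example, not part of the Maltego export or of VirusTotal's own tooling: given a VT API v3 file object in the shape shown on this page, it recounts the categories and cross-checks them against last_analysis_stats, splits the malicious verdicts by label, and checks the leaf signer's validity window against the signing date. The PUA_MARKERS pattern and the abridged SAMPLE object (eight engines and the signer chain copied from the record above) are constructed for the example. One caveat when correlating the Maltego entity fields with the raw record: the entity's Last Analysis Date (2021-04-20T12:32:11Z) corresponds to last_modification_date 1618921931, whereas last_analysis_date in the raw record is 1618672659 (2021-04-17T15:17:39Z), so prefer the epoch fields when building timelines.

```python
"""Triage helper for a VirusTotal API v3 file object (added example; not part of
the Maltego export above and not VirusTotal's code).  It recounts per-engine
categories, cross-checks them with last_analysis_stats, splits "malicious"
verdicts into PUA/riskware-style labels and the rest, and checks whether the
Authenticode leaf signer was inside its validity window on the signing date.
"""
from __future__ import annotations

import re
from collections import Counter
from datetime import datetime

# Labels engines commonly use for potentially unwanted / bundled software.
# Assumption: illustrative list, not an authoritative taxonomy.
PUA_MARKERS = re.compile(
    r"(pua|pup|riskware|not-a-virus|potentially unwanted|adware|bundler|unwanted)",
    re.IGNORECASE,
)

# Date format used by signature_info in the record, e.g. "03:18 PM 04/17/2021".
VT_DATE_FMT = "%I:%M %p %m/%d/%Y"


def recount_stats(file_obj: dict) -> dict:
    """Recount engine categories from last_analysis_results."""
    results = file_obj["attributes"]["last_analysis_results"]
    return dict(Counter(r["category"] for r in results.values()))


def aggregate_verdict(file_obj: dict) -> str:
    """Return the 'malicious - N / total' line the report prints, recomputed from
    the per-engine results and checked against last_analysis_stats."""
    counts = recount_stats(file_obj)
    total = sum(counts.values())
    malicious = counts.get("malicious", 0)
    stats = file_obj["attributes"].get("last_analysis_stats", {})
    if stats and int(stats.get("malicious", malicious)) != malicious:
        raise ValueError("last_analysis_stats disagrees with per-engine results")
    label = "malicious" if malicious else "undetected"
    return f"{label} - {malicious} / {total}"


def split_malicious(file_obj: dict) -> tuple[list[str], list[str]]:
    """Split 'malicious' engines into those whose label reads as PUA/riskware and
    those whose label reads as outright malware (both lists sorted by engine)."""
    pua, malware = [], []
    for name, r in sorted(file_obj["attributes"]["last_analysis_results"].items()):
        if r["category"] != "malicious":
            continue
        (pua if PUA_MARKERS.search(r.get("result") or "") else malware).append(name)
    return pua, malware


def signer_valid_at_signing(file_obj: dict) -> bool | None:
    """True if the leaf signer (first 'signers details' entry) was within its
    validity window at signature_info['signing date']; None if unsigned."""
    sig = file_obj["attributes"].get("signature_info")
    if not sig or sig.get("verified") != "Signed":
        return None
    leaf = sig["signers details"][0]
    signed_at = datetime.strptime(sig["signing date"], VT_DATE_FMT)
    not_before = datetime.strptime(leaf["valid from"], VT_DATE_FMT)
    not_after = datetime.strptime(leaf["valid to"], VT_DATE_FMT)
    return not_before <= signed_at <= not_after


# Constructed sample: eight engines and the leaf signer copied from the record
# above, abridged so the example runs offline.  Not a real API response.
SAMPLE = {
    "attributes": {
        "last_analysis_results": {
            "Elastic": {"category": "malicious", "result": "malicious (high confidence)"},
            "Kaspersky": {"category": "malicious",
                          "result": "not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen"},
            "Microsoft": {"category": "malicious", "result": "PUA:Win32/DownloadGuide"},
            "Sophos": {"category": "malicious", "result": "DownloadGuide (PUA)"},
            "VIPRE": {"category": "malicious", "result": "Trojan.Win32.Generic!BT"},
            "Avast": {"category": "undetected", "result": None},
            "Symantec": {"category": "timeout", "result": None},
            "Trustlook": {"category": "type-unsupported", "result": None},
        },
        "last_analysis_stats": {"malicious": 5, "undetected": 1, "timeout": 1,
                                "type-unsupported": 1},
        "signature_info": {
            "verified": "Signed",
            "signing date": "03:18 PM 04/17/2021",
            "signers details": [{
                "name": "COMPUTER BILD Digital GmbH",
                "valid from": "12:00 AM 05/12/2020",
                "valid to": "11:59 PM 05/12/2021",
            }],
        },
    }
}

if __name__ == "__main__":
    print(aggregate_verdict(SAMPLE))
    print(split_malicious(SAMPLE))
    print(signer_valid_at_signing(SAMPLE))
```

Feed it the full record and the PUA/malware split is what tells you whether "39 / 73" means a bundler or a backdoor; the signer check only proves the certificate was valid when the signature was applied, not that the publisher is trustworthy.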
VirusTotal File
maltego.virustotal.File

20090457

116

Weight                   0
MeaningfulName           20090457
File Id                  066623257995233ed8833d2681ce23032067b23422053ac10c9f7ff6c2a56e9f
Names                    20090457
File Type                PEEXE
File Type Description    Win32 EXE
MD5                      7577aafi2dd73b4366f8bd9a3334c31b
SHA-1                    58712ac56816c4ee1746c98c6ec09714e34ff89d
SHA-256                  066623257995233ed8833d2681ce23032067b23422053ac10c9f7ff6c2a56e9f
Vhash                    055056657d155550912212800647z80f5z3010036fz
Authentihash             64f4938286fb34ee6c3ee631028ab19c74e3ae32bb7841a2d08f98a076719227
SSDEEP                   12288:74fmuV/2S1l1MCAHab51I0OWozQsmknY87Z1EPcIMkc9A7Z2:742DMCA6b5fWQmknY87LEPcl9nl
Magic                    PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File Size                559840
Tags                     peexe, signed, overlay
Capability Tags
Downloadable             null
Creation Date            2018-11-16T05:03:04Z
First Submission Date    2021-04-20T07:31:34Z
Last Submission Date     2021-04-20T07:31:34Z
Last Analysis Date       2021-04-22T01:55:17Z
Total Votes - Harmless   0
Total Votes - Malicious  0
Submissions              1
Reputation               0
Vifile                   (raw record below)


Raw VirusTotal record (API v3 file object, decoded field by field; the export ends partway through the engine results)

Dates (epoch seconds; decoded UTC in parentheses)
creation_date            1542344584  (2018-11-16T05:03:04Z)
first_submission_date    1618903894  (2021-04-20T07:31:34Z)
last_analysis_date       1618903894

last_analysis_results (method is "blacklist" for every engine)
Engine                 Update    Version         Category          Result
Bkav                   20210419  1.3.0.9899      undetected
Elastic                20210414  4.0.20          malicious         malicious (high confidence)
MicroWorld-eScan       20210420  14.0.409.0      malicious         Gen:Variant.Application.Bundler.DownloadGuide.48
FireEye                20210420  32.44.1.0       malicious         Generic.mg.7577aafi2dd73b43
CAT-QuickHeal          20210419  14.00           malicious         Trojan.Mauvaise.SL1
McAfee                           6.0.6.653       malicious         PUP-FXK
Cylance                20210420  2.3.1.101       undetected
Zillya                 20210420  2.0.0.4346      malicious         Backdoor.Bladabindi.Win32.18541
AegisLab               20210421  4.2             undetected
Sangfor                20210416  2.9.0.0         malicious         Win.Malware.Downloadguide-6803841-0
K7AntiVirus            20210420  11.176.36969    malicious         Riskware ( 0040eff71 )
BitDefender            20210420  7.2             malicious         Gen:Variant.Application.Bundler.DownloadGuide.48
K7GW                   20210420  11.176.36969    malicious         Riskware ( 0040eff71 )
Cybereason             20210330  1.2.449         malicious         malicious.{2dd73
Arcabit                20210420  1.0.0.881       undetected
BitDefenderTheta       20210414  7.2.37796.0     undetected
Cyren                  20210420  6.3.0.2         malicious         W32/S-58b25de1!Eldorado
SymantecMobileInsight  20210126  2.0             type-unsupported
Symantec               20210420  1.14.0.0        malicious         PUA.DownloadSponsor
ESET-NOD32             20210420  23161           malicious         a variant of Win32/DownloadGuide.D potentially unwanted
Baidu                  20190318  1.0.0.2         undetected
APEX                   20210419  6.155           undetected
Paloalto               20210420  1.0             undetected
ClamAV                 20210419  0.103.2.0       malicious         Win.Malware.Downloadguide-6803841-0
Kaspersky              20210420  21.0.1.45       malicious         not-a-virus:HEUR:Downloader.Win32.DownloaderGuide.gen
Alibaba                20190527  0.3.0.5         undetected
NANO-Antivirus         20210420  1.0.146.25279   malicious         Riskware.Win32.Covus.fkfkjs
ViRobot                20210420  2014.3.20.0     undetected
Tencent                20210420                  undetected
Ad-Aware               20210420  3.0.16.1175     malicious         Gen:Variant.Application.Bundler.DownloadGuide.48
Trustlook              20210420  1.0             type-unsupported
Sophos                 20210420  1.0.2.0         malicious         DownloadGuide (PUA)
Comodo                 20210419  33453           malicious         Application.Win32.DownloadGuide.A@7y5gwx
F-Secure               20210331  12.0.86.52      undetected
DrWeb                  20210420  7.0.49.9080     malicious         Adware.ClickMeIn.9588
VIPRE                  20210420  91962           malicious         Trojan.Win32.Generic!BT
TrendMicro             20210330  11.0.0.1006     undetected
McAfee-GW-Edition      20210419  v2019.1.2+3728  malicious         BehavesLike.Win32.Suspicious.hh
Trapmine               20200727  3.5.0.1023      type-unsupported
CMC                    20210327  2.10.2019.1     undetected
Emsisoft               20210420  2018.12.0.1641  malicious         Gen:Variant.Application.Bundler.DownloadGui
le 
(B)"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engi 
ne_update":"20210419","engine_' version":"0.1.5. 2","method": “blac 
klist","result":"PUA.DownloadGuide"},"Avast- 
Mobile": {"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210419","engine_version":"210419- 
00","method":"blacklist"},"Jiangmin" {"category":"malicious","engin 
e_name":"Jiangmin","engine_update":"20210419","engine_version 
""16.0.100","method":"blacklist","result": "Downloader.Downloader 
Guide.aqk"},"Webroot":{"category":"undetected","engine_name":" 
Webroot","engine_update":"20210420","engine_version":"1.0.0.40 
3","method":"blacklist"},"Avira":{"category":"undetected","engine_n 
ame": "Avira","engine_update":"20210420","engine_' version":"8.3.3 
lene "method": "blacklist"},"MAX":{"category":"malicious","engine_n 
ame":"MAX" ,"engine_update":"20210420","engine_version":"2019. 
9.16.1","method":"blacklist","result":"malware (ai 
score\u003d73)"}, "Antiy- 
AVL":{"category":"undetected","engine_name":"Antiy- 
AVL","engine_update":"20210420","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210420","engine_version":"2017. 
9.26.565","method":"blacklist"},"Gridinsoft":{"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210420","engine_ 
version":"1.0.37.128","method":"blacklist","result":"Adware.Win32. 
Downloader.vb!s1"}, "Microsoft": {"category": "malicious","engine_na 
me":"Microsoft","engine_update":"20210420","engine_version":"1. 
1.18000.5", "method": "blacklist","result":"PUA:Win32/DownloadGui 
de"}, "SUPERAntiSpyware": {"category":"malicious","engine_name" 
:"SUPERAntiSpyware","engine_update":"20210416","engine_versi 
on":"5.6.0.1032","method":"blacklist", "result":"Adware.Downloader/ 
Variant"},"ZoneAlarm":{"category": "undetected" ,"engine_name":"Z 
oneAlarm","engine_update":"20210420","engine_version":"1.0","m 
ethoa": "blacklist"}, "GData":{"category": "malicious" ,"engine_name": 
"GData","engine_update":"20210420","engine_version":"A:25.293 
79B:27.22724" ,"method":"blacklist","result":"Win32.Application.Do 
wnloadGuide. Tt, "Cynet":{"category":"malicious","engine_name":" 
Cynet","engine_update":"20210412" "engine_version": "4.0.0.27"," 
method":"blacklist","result":"Malicious (score: 
100)"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx", 


engine_update": 


unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916" "engine _ version":"2.0.936","method":"blacklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"2021 0420","engine_version":"3.1 9.7.10132" 
,"method":"blacklist","result":" PUP/Win32.DownloadGuide.R24528 
9"},"Acronis" "category": "undetected","engine_name":"Acronis","e 
ngine_update":"20210211","engine_' version":"1.1.1. Sil "method":" 
blacklist"},"VBA32":{"category":"malicious","engine_name":"VBA3 
2","engine_update":"20210419","engine_' version":"5.0.0","method" 
"blacklist","result":"Downloader. DownloaderGuide"},"ALYac":{"cat 
egory": "malicious" ,"engine_name":"ALYac","engine_update":"202 
10420","engine_version":"1.1.3.1","method":"blacklist","result":"Ge 
n:Variant. Application. Bundler. DownloadGuide.48"},"TACHYON":{" 
category":"undetected","engine_name":"TACHYON","engine_upd 
ate":"20210420","engine_version":"2021-04- 
20.02","method":"blacklist"}, "Malwarebytes": {"category":"malicious 
2 engine_ name":"Malwarebytes","engine_| update": "20210420","en 
gine_version":"4.2.2.27", "method": "placklist","result":"Adware. Dow 
nloader"},"Panda":{" ‘category": "undetected","engine_name":"Pand 
a","engine_update":"20210419","engine_version":"4.6.4.2","metho 
d":"blacklist"},"Zoner":{"category":"undetected","engine_name":"Zo 
ner","engine_update":"20210419","engine_version":"0.0.0.0","met 
hod":"blacklist"},"TrendMicro- 
HouseCall": {' ‘category":"undetected","engine_name":"TrendMicro- 
HouseCall","engine_| update": "20210420" "engine_' version": "10.0.0 
.1040","method":"blacklist"},"Rising":{"category":"malicious","engin 
en name": "Rising","engine_update":"20210420","engine_' version”:" 
25h a .0.26","method":"blacklist","result":"Adware. DownloadGuide!1. 


(CLASSIC)"},"Yandex":{"category":"malicious","engine_name":"Ya 
ndex","engine_update":"20210415","engine_version":"5.5.2.24","m 
ethod": "blacklist", "result"." Trojan. GenAsa!4hPael7leTc’}, "Sentinel 
One":{"category":"malicious","engine_name":"SentinelOne","engin 
e_update":"20210215","engine_version":"5.0.0.20","method":"blac 
klist","result":"Static Al - Malicious 
PE"}, "eGambit":{"category":"undetected", engine name":"eGambit 
,"engine_update":"20210421","method":"blacklist"},"Fortinet":{"cat 
egory": "malicious","engine_name":"Fortinet","engine_update":"202 
10420", "engine_version":"6.2.142.0","method": "blacklist","result":" 
Riskware/DownloaderGuide"},"MaxSecure" :{"category": "malicious 
,"engine_name":"MaxSecure","engine_update":"20210420","engin 
e_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.1 
21218.susgen"}, "Avast": {"category": "undetected" ,"engine_name":" 
Avast","engine_update":"20210420" engine_| version": Tale 5827. 
0","methoad": "blacklist"},"CrowdStrike" :{"category":"malicious","engi 
ne_name":"CrowdStrike","engine_update":"20210203", "engine ve 
rsion":"1.0","method": "blacklist", "result":"win/malicious_confidence 
_ 100% (D)"},"Qihoo- 
360":{"category":"undetected","engine_name":"Qihoo- 
360","engine_update":"20210420","engine_version":"1.0.0.1120"," 
method":"blacklist"}},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":42,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":27},"last_modification_date":"161905 
6517","last_submission_date":"1618903894","md5":"7577aaff2dd7 
3b4366f8bd9a3334c31b","meaningful_name":"20090457","names 
":["20090457"],"reputation":"0","sha1":"58712ac5681 6c4ee1 746c9 
8c6ec097 14e34ff89d","sha256":"066623257995233ed8833d2681 
c€23032067b23422053ac1 Oc9f7ff6c2a56e9!","size":"559840","tag 
s"["peexe", "signed","overlay"],"times_submitted"."1 ""total_votes": 
{"harmless":"0" "malicious":"0"}, "type_description":"Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"05505665 
7d15555091z212800647z80f5z3010036fz","authentinash":"64f493 
82861b34ee6c3ee631 028ab19c74e3ae32bb784 1 a2d08198a07671 
9227","magic":"PE32 executable for MS Windows (GUI) Intel 
80386 32- 
bit","pe_info":{"entry_point":"85052","imphash":"c581e778ba559d8 
e6a1073ed4b1 45b6F","import_list":[{"imported_functions":["GetSav 
eFileNameW","GetOpenFileNameW"],"library_name":"COMDLG3 
2.dll"},{"imported_functions":["GetDeviceCaps","DeleteDC","Select 
Object","GetStockObject","CreateSolidBrush","GetObjectW","Crea 
teCompatibleDC","DeleteObject")],"library_name":"GDI32.dll"},{"im 
ported_functions":["RegCreateKeyExW","RegDeleteValueW","Reg 
CloseKey","RegSetValueExW","RegQueryInfokKeyW","RegEnumK 
eyExW","RegOpenkKeyExW","RegDeleteKeyW","RegQueryValueE 
xW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetS 
tdHandle","InterlockedPopEntrySList","WaitForSingleObject","Enc 
odePointer","DeleteCriticalSection","GetCurrentProcess","GetCon 


odePointer","DeleteCriticalSection","GetCurrentProcess","GetCon 
soleMode","LocalAlloc","FreeEnvironmentStringsW","SetStdHandl 
e","GetCPInfo","WriteFile","GetSystemTimeAsFileTime","HeapRe 
Alloc","GetStringTypeW","FreeLibrary","InterlockedPushEntrySList 
"""LoadResource","FindClose","InterlockedDecrement","GetFullPa 
thNameW","DebugBreak","SetLastError","TlsGetValue","OutputDe 
bugStringW","GetModuleFileNameW","|sDebuggerPresent","Heap 
Alloc","IstrempiW","HeapSetInformation","UnhandledExceptionFilt 
er","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx"," 
FlushInstructionCache","SetUnhandledExceptionFilter","MulDiv","| 
sProcessorFeaturePresent","DecodePointer","TerminateProcess", 
"GlobalAlloc","SetEndOfFile","GetCurrentThreadld","LeaveCritical 
Section","WriteConsoleW","InitializeCriticalSectionAndSpinCount", 
"HeapFree","EnterCriticalSection","SetHandleCount","LoadLibrary 
W","GetOEMCP","QueryPerformanceCounter","GetTickCount","TI 
sAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetFileSiz 
e","GetStartupInfoW","GlobalLock","GetProcessHeap","GetT empF 
ileNameW","FindNextFileW","FindFirstFileW","|strcmpW","GetProc 
Address","CreateEventW","CreateFileW","GetFileType","TlsSetVal 
ue","ExitProcess","InterlockedIncrement","GetLastError","LCMapS 
tringW","IstrlenA","GetConsoleCP","GetEnvironmentStringsW","Gl 
obalUnlock","IstrlenW","SizeofResource","GetCurrentProcessld"," 
GetCommandLineW","WideCharToMultiByte","HeapSize","Interloc 
kedCompareExchange","RaiseException","MapViewOfFile","TIsFr 
ee","SetFilePointer","ReadFile","CloseHandle","GetACP","GetMod 
uleHandleW","GetFileAttributesExW'","IsValidCodePage","HeapCr 
eate","FindResourceW","VirtualFree","Sleep","VirtualAlloc"],"librar 
y_name":"KERNEL32.dll"},{"imported_functions":["LoadRegTypeLi 
b","VariantChangeType","SysStringLen","SysStringByteLen","Var 
BstrCat","VariantClear","SysAllocString","OleCreateFontIndirect"," 
DispCallFunc","VariantCopy","LoadTypeLib","SysFreeString","Sys 
AllocStringByteLen","Variantlnit","VarUl4FromStr"],"library_name": 
"OLEAUT32.dll"},{"imported_functions":["Shell_ NotifylconW","Com 
mandLineToArgvW","DoEnvironmentSubstW'"},"library_name":"SH 
ELL32.dll"},{"imported_functions":["CreateStreamOnHGlobal","Ole 
LockRunning","Olelnitialize","CoTaskMemRealloc","CoCreatelnsta 
nce","OleUninitialize","CoTaskMemFree","CoTaskMemAlloc"],"libr 
ary_name":"ole32.dll"},{"imported_functions":["PathFileExistsW"],"I 
ibrary_name":"SHLWAPL.dIl"},{"imported_functions":["SetFocus"," 
RegisterWindowMessageW","GetMonitorlnfoW","GetClassInfoEx 
W","RedrawWindow","BeginPaint","DefWindowProcW","KillTimer", 
"GetMessageW","ShowWindow","MapWindowPoints","GetParent" 
,"SetWindowLongW","IsWindow","PeekMessageW","GetWindowR 
ect","EndPaint","UpdateWindow","MoveWindow","SetWindowPos" 
,"TranslateMessage","GetWindowTextLengthW","PostMessageW" 
,"GetSysColor","DispatchMessageW","GetDC","ReleaseDC","Sen 
dMessageW","UnregisterClassA","GetWindowLongW","|sWindow 
Visible" ,"SetWindowTextW","GetDigltem","GetWindow","Loadima 
geW","MonitorFromWindow","ClientToScreen","InvalidateRect","S 
etTimer","CallWindowProcW","GetClassNameW","FillRect","Creat 
eAcceleratorTableW","GetWindowTextW","GetDesktopWindow"," 
LoadCursorW","LoadilconW","GetFocus","CreateWindowExW","R 
egisterClassExW","GetClientRect","CharNextW","IsChild","Destro 
yWindow"],"library_name":"USER32.dll"}],"machine_type":"332","0 
verlay":{"chi2":6562.521484375,"entropy":7.57688045501 709, "filet 
e":"Data","md5":"1 69e8b2eec1 5ba2275b3f6c9a2a36be3","offse 
tee "552960", "size":"6880"},"resource_details":[{"chi2": 206692.81 25, 
"entropy":5.394310474395752,"filetype":"Data","lang":"NEUTRAL" 
,"sha256":"abcb0193ed76d1 90556¢3748136be9e0230f2bf5e244d 
104d00ac77d921068ac","type":"RT_ICON"},{"chi2":80781.078125 
,"entropy":5.588585376739502, "filetype":"Data","lang":"NEUTRAL 
""sha256":"cd664a1691a50e28a0fac9b5431 8be7be51d6d1ec383 
b777e32b654e04ab5305" ,"type":"RT _ICON"}, {"chi2":15863.77441 
40625,"entropy":5.92164373397827 15, "filetype":"Data","lang":"NE 
UTRAL","sha256":"149e12281 09b9cd360242bfe031c26f4954628 
287c7b78c7578ba69a878alt49","type":"RT_ICON"},{"chi2":3685.3 
3251953125,"entropy":2.458492040634 1553, "filetype":"Data","lan 
g":"NEUTRAL","sha256":"77a1 efb6 1 36f52dd2372987b13bf486aa 
75baeacb93bad009aa3e284c57b8694" ,"type":"RT_GROUP_ICO 
N"},{"chi2":19078.84765625,"entropy":2.966618061065674, "filetyp 
e":"Data","lang": "NEUTRAL", "sha256":"ddee1 9afcc2b01d589eféft 
dat a4f3d29b7edfcb9ae22ca4d39ce46f6ba76752", "type":"RT_VE 
RSION"},{"chi2":3945.591796875,"entropy":4. 88451671 6003418," 
filetype" :"application/xml","lang":"NEUTRAL","sha256":"82816c86 
a72cc9cc6 15c7a4835862ce780b83379b32a91 7a65b59c2b2a1 3b 
94" ,"type":"RT_MANIFEST"}],"resource_langs":{"NEUTRAL":"6"}, 
"resource_types":{"RT_ICON":"3","RT_MANIFEST":"1","RT_VER 
SION":"1","RT_GROUP_ICON":"1"},"sections":[{"chi2": 1916618.7 


SION":"1","RT_GROUP_ICON":"1"},"sections":[{"chi2":1916618.7 
5,"entropy":6.56,"flags":"rx","md5":"66fb890b6815e40e6282ea451 
878b382", "name":" text", "raw size":"361472","virtual_address":"40 
96","virtual_size":"361286"},{"chi2":890169. 38 ,"entropy":7.29,"flag 
Sucre d se: "d8a20660cb464e3dff63'62da0282331" ,"name": "dat 
a Taw. size":"138240","virtual_address":"368640", "Virtual_size":"1 
37808"), {"chi2":730928.75,"entropy":3.94,"flags": "rw", "md5":"7b33 
5a4c050ac3f0c981d08e158d44de","name":".data", "raw size":"870 
4","virtual_address":"507904","virtual_size":"1 8560"},{"chi2":36409 
2.38,"entropy":5.49,"flags":"r","md5":"7bbdeccccOcf96f0d7502107 
7Zab6b1 10","name": arsnicE: "raw size":"16384","virtual_address":"52 
8384","virtual_size":"16064"},{"chi2":517750.28,"entropy":5.83, "fla 
gs":"r “ ."md5":"37fa0adc781 3e1f2f485deec07d8b5eb", *name":".rel 
oc","raw_size":"271 36","virtual_address":"544768","virtual_size":"2 
6894"}],"timestamp":"1542344584"},"signature_info": {"signers":"W 
eQ Influencers GmbH; Sectigo RSA Code Signing CA 
USERTrust RSA Certification Authority; Sectigo (AAA)", "signers 
details":[{"algorithm":"sha256RSA", "cert issuer":"Sectigo RSA 
Code Signing CA","name":"WeQ Influencers GmbH","serial 
number":"7B 3F 3A 3A BA DO E5 4A 4C F5 72 08 31 D3 7A 
4F","status":"Valid","thumbprint":"CC4AD630AA5C31B407D96FF 
50DC8445F76BEF5EC", "valid from":"12:00 AM 03/17/2021","valid 
to":"11:59 PM 03/17/2022","valid usage":"Code 
Signing"},{"algorithm": "sha384RSA", "cert issuer":"USERTrust RSA 
Certification Authority","name": "Sectigo RSA Code Signing 
ee well number":"1D A2 48 30 6F 9B 26 18 DO 82 E0 96 7D 


6A","status":"Valid","thumbprint":"94C95DA1E850BD85209A4A2A 
F3E1FB1604F9BB66","valid from":"12:00 AM 11/02/2018","valid 
to":"11:59 PM 12/31/2030","valid usage":"Code Signing, 
Timestamp Signing"},{"algorithm":"sha384RSA", "cert issuer":"AAA 
Certificate Services","name":"USERTrust RSA Certification 
Authority","serial number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 
DD 31 35 
95","status":"Valid","thumbprint":"D89E3BD43D5D909B47A1 8977 
AA9D5CE36CEE184C", "valid from":"12:00 AM 03/12/2019","valid 
to":"11:59 PM 12/31/2028","valid 
usage":"All"},{"algorithm":"sha1RSA","cert issuer":"AAA Certificate 
Services","name":"Sectigo (AAA)", "serial 
number":"01","status":"Valid","thumbprint":"D1 aes 7D68F 
D92564C2F1F1601764D8E349","valid from":"12:00 A 
01/01/2004","valid to":"11:59 PM 12/31/2028","valid fee cern 
Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC 
User, Server Auth, Timestamp Signing"}],"signing date":"07:32 AM 
04/20/2021","verified":"Signed","x509":[{"algorithm":"sha1 RSA","c 
ert issuer":"AAA Certificate Services","name":"AAA Certificate 
Services","serial 
number":"01","thumbprint":"D1EB23A46D17D68FD92564C2F1F1 
601764D8E349","valid from":"2004-01-01 00:00:00","valid 
to":"2028-12-31 23:59:59"},{"algorithm”": "sha256RSA", "cert 
issuer":"Sectigo RSA Code Signing CA","name":"WeQ Influencers 
ome ce number":"7B 3F 3A 3A BA DO E5 4A 4C F5 72 08 
4F","thumbprint":"CC4AD630AA5C31B407D96FF50DC8445F76B 
EF5EC", "valid from":"2021-03-17 00:00:00","valid to":"2022-03-17 
23:59:59","valid_usage":"Code 
Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA Certificate 
Services","name":"USERTrust RSA Certification Authority","serial 
number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 
95","thumbprint":"D89E3BD43D5D909B47A18977AA9D5CE36CE 
E184C","valid from":"2019-03-12 00:00:00","valid to":"2028-12-31 
23:59:59"} {"algorithm":"sha384RSA","cert issuer":"USERTrust 
RSA Certification Authority","name":"Sectigo RSA Code Signing 
ee number":"1D A2 48 30 6F 9B 26 18 DO 82 E0 96 7D 


6A","thumbprint":"94C95DA1 E850BD85209A4A2AF3E1FB1604F 
9BB66","valid from":"2018-11-02 00:00:00","valid to":"2030-12-31 
23:59:59","valid_usage":"Code Signing, Timestamp 
Signing"}]},"ssdeep":"12288:74fmuV/2SII1 MCAHab5I0OWozQsmkn 
Y87Z1 EPcIMkc9A7Z2:742DMCA6b5fWQmknY87LEPcl9n"", "trid":[ 
{"file_type":"Win32 Executable MS Visual C++ 
(generic)","probability":48.8},{"file_type":"Win64 Executable 
(generic)","probability":16.4},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":10.2},{"file_type":"Win16 NE 
executable (generic)","probability":7.8},{"file_type":"Win32 
Executable 
(generic)","probability":7.0}]},"id":"066623257995233ed8833d2681 
ce2303206 7b23422053ac1 Oc9f7ff6c2a56e9F","links":{"self":"https:/ 


ce23032067b23422053ac1 0c9f7fféc2a56e9F","links":{"self":"https:/ 
/www.virustotal.com/api/v3/files/066623257995233ed8833d2681c 
€23032067b23422053ac1 Oc9f7ff6c2a56e9F"},"type":"file"} 
File Summary

Names: 20090457
File Type: peexe
File Type Description: Win32 EXE
Tags: peexe, signed, overlay
Times Submitted: 1

TrID - file type identification tool

File Type                                   Probability %
Win32 Executable MS Visual C++ (generic)    48.8
Win64 Executable (generic)                  16.4
Win32 Dynamic Link Library (generic)        10.2
Win16 NE executable (generic)               7.8
Win32 Executable (generic)                  7.0

VirusTotal Analysis Summary
Aggregate Result: malicious - 42 / 74

VirusTotal Analysis Stats

Analysis Type         Number of Analyses
Confirmed Timeout     0
Failure               0
Harmless              0
Malicious             42
Suspicious            0
Timeout               0
Type Unsupported      5
Undetected            27
Total                 74

Community Votes
Total votes cast: 0
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Vifile 


{"attributes":{"creation_date":"1542344584" "first_submission_date 
""1618882865","last_analysis_date":"1618882865","last_analysis 
_results":{"Bkav":{"category":"undetected","engine__ name”: "Bkav"," 
engine_update":"20210419","engine_version":"1.3.0.9899", "metho 
d"“"blacklist"},"Elastic":{"category":"malicious","engine_name":"Ela 
stic","engine_update":"20210414","engine_version":"4.0.20","meth 
od":"blacklist","result":"malicious (high 
confidence)"}, “DrWeb": {"category":"malicious","engine_name":"Dr 
Web","engine_update":"20210419","engine_ version":"7.0.49.9080 
""method":"blacklist","result":"Adware.ClickMeIn.9588"},"MicroWo 
rid-eScan" -{"category": "malicious","engine_name":"MicroWorld- 
eScan"," ‘engine_update": "20210419","engine_version":"14.0.409.0 
""method":"blacklist","result":"Gen:Variant.Application.Bundler.Do 
wnloadGuide. 48"},"FireEye":{"category":"malicious","engine_name 
ns Gales "engine_update":"20210420","engine_' version":"32.44. 
1.0","method":"blacklist","result": "Generic. mg. 28¢116629b22b95e" 
CAT -QuickHeal": "category": "malicious","engine_name":"CAT- 
QuickHeal”,"engine_update":"2021 041 9","engine_version":"1 4.00" 
,"method":"blacklist","result":"Trojan.Mauvaise.SL1"},"McAfee":{"c 
ategory": "malicious","engine_name":"McAfee","engine_update":"2 
0210420" "engine_version": "6.0.6.653","method":"blacklist","result 
We “PUP ie 
FXK"},"Cylance":{"category":"undetected","engine_name":"Cylanc 
e","engine_update":"20210420","engine_version":"2.3.1.101","met 
hod": -"blacklist’}, "Zillya":{"category":"malicious","engine_name":"Zil 
lya","engine_update":"20210419","engine_version":"2.0.0.4345"," 
method": "placklist","result": "Backdoor.Bladabindi.Win32.18541 a i 
SUPERAntiSpyware": {"category":"malicious","engine_name":"SU 
PERAntiSpyware","engine_update":"2021 041 6","engine_version": 
*5:6.041 032","method": "blacklist","result":"Adware.Downloader/Vari 
ant"},"Sangfor":{"category": "malicious" ,"engine_name":"Sangfor"," 
engine_update":"20210416","engine_version":"2.9.0.0","method":" 
blacklist","result":"Win.Malware. Downloadguide-6803841 - 
0"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVi 
rus","engine_update":"20210419","engine_version":"11.176.36967 
"""method":"blacklist","result": "Riskware ( 0040eff71 
Vay "Alibaba" {"category": "undetected","engine_name":"Alibaba", 
ngine_update":"20190527","engine_' version": 503:0!5i- "method": "bl 
acklist"},"K7GW":{"category":"malicious","engine_ name": "K7GW"," 
engine_update":"20210419","engine__ version":"11.176. 36968","me 
thod":"blacklist","result":"Riskware ( 0040eff71 
ahs "Cybereason" :{"category":"malicious","engine_name":"Cyberea 
son","engine_update":"20210330","engine_version":"1.2.449","met 
hod": "blacklist", "result": "malicious. 29b22b"}, "Arcabit":{"category":" 
undetected","engine_name":"Arcabit","engine_update":"20210419 
""engine_ version": "1.0.0.881 ""method":"blacklist"},"BitDefenderT 
heta" :{"category":"undetected","engine_name":"BitDefenderTheta" 
,"engine_update":"20210414","engine_version":"7.2.37796.0","met 
hod" ‘"blacklist’}, "Cyren":{"category":"malicious","engine_name":"C 
ren","engine_update":"20210420","engine_version":"6.3.0.2","me 
thod":"blacklist","result":"W32/S- 
58b25de1 !Eldorado"},"SymantecMobilelnsight":{"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"2021 0126" ,"engine_version":"2.0","method": "blacklist", TS) 
ymantec".{"category":"malicious","engine_name"."Symantec","eng 
ine_update":"20210419","engine_version":"1.14.0.0","method":"bla 
oklist" "result":"PUA. DownloadSponsor'}, "ESET: 
NOD32": {"category":"malicious","engine_name":"ESET 
NOD32","engine_update":"2021 0419" "engine version": "23160"," 
method":"blacklist","result":"a variant of Win32/DownloadGuide.D 
potentially 
unwanted"},"APEX":{"category":"undetected","engine_name":"AP 
EX","engine_update":"20210419","engine_version":"6.155","metho 
d":"blacklist"},"Paloalto":{"category":"undetected","engine_name":" 
Paloalto","engine_update":"20210420","engine_ version":"1. OM "me 
thod":"blacklist"},"ClamAV":{"category":"malicious","engine_name" 
:"ClamAV","engine_update":"20210419","engine_' version":"0.103.2 
10% "method": “placklist","result":"Win.Malware. Downloadguide- 
6803841 - 
0"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersk 
y","engine_update":"20210420" "engine_version":"21 .0.1.45","met 
hod":"blacklist","result":"not-a- 
virus: HEUR:Downloader.Win32.DownloaderGuide.gen"},"BitDefen 
der":{"category":"malicious","engine_name":"BitDefender","engine 
_update":"20210420","engine_version":"7.2","method":"blacklist","r 
esult":"Gen:Variant.Application.Bundler. DownloadGuide.48"},"NA 
NO-Antivirus":{"category":"malicious","engine_name":"NANO- 
Antivirus","engine_update":"20210419","engine_version":"1.0.146. 


Antivirus","engine_update":"20210419","engine_version":"1.0.146. 
25279","method":"blacklist","result":"Riskware.Win32.Covus.fkfkjs" 
}, "ViRobot": {"category": "undetected", "engine_name":"ViRobot","en 
gine_update":"20210419","engine_version":"2014.3.20.0", "method 
"“"blacklist"},"Avast": {"category": "undetected","engine_| name":"Ava 
st","engine_update":"20210420","engine_version":"21.1.5827.0"," 
method":"blacklist"},"Rising":{"category":"malicious","engine_name 
""Rising","engine_update":"20210419","engine_version":"25.0.0.2 
6","method":"blacklist", "result":"Adware. DownloadGuide!1.A1DB 
(RDMK: cmRtazoekWvSNMJPMSQaRHTxbz3i)"t, "Ad- 
Aware":{"category":"malicious","engine_name":"Ad- 
Aware","engine_update":"20210419","engine_version":"3.0.16.117 
¥ "method": "blacklist","result":"Gen: Variant. Application.Bundler.Do 
wnloadGuide.48"},"Trustlook":{"category":"type- 
unsupported”,"engine_name":"Trustlook","engine_update"."2021 0 
420","engine_version":"1.0","method":"blacklist"},"Emsisoft":{"cate 
gory": "malicious","engine_| name": "Emsisoft","engine_update":"202 
10420","engine_version":"2018.12.0.1641","method":"blacklist","re 
sult":"Gen:Variant. Application.Bundler. DownloadGuide.48 
(B)"},"Comodo":{"category":"malicious","engine_name":"Comodo", 
"engine_update":"20210419","engine_version":"33453","method": 
blacklist","result":"Application. Win32.DownloadGuide. A@7y5gwx"} 
."F-Secure" :{"category":"undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2","method":"blacklist"},"Baidu":{"category":"undetected","engine_ 
name": "Baidu","engine_update":"20190318","engine_version":"1.0 
.0.2","method":"blacklist"},"VIPRE":{"category":"malicious","engine 
name": "VIPRE","engine_update":"20210419","engine_version":"9 
7954","method":"blacklist”,"result": "Trojan. Win32. Generic!BT"},"Tr 
endMicro":{"category":"undetected","engine_name":"TrendMicro"," 
engine_update":"20210330","engine_version":"11.0.0.1006", "meth 
od":"blacklist"},"McAfee-GW- 
Edition":{"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update": "20210419", "engine_version":"v2019.1.2 
+3728", "method": "blacklist","result": "BehavesLike.Win32. Suspicio 
us.hh"},"Trapmine":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{" 
category”: "undetected","engine _| name":"CMC" ,"engine_update":"2 
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"malicious","engine_| name": "Sophos","engine_u 
pdate": "20210419","engine_version":"1.0.2.0","method":"blacklist", 
"result":"DownloadGuide 
(PUA)"},"SentinelOne":{"category":"malicious","engine_name":"Se 
ntinelOne","engine_update":"20210215","engine_version":"5.0.0.2 
0","method":"blacklist","result":"Static Al - Malicious PE"},"Avast- 
Mobile":{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210419","engine_version":"210419- 
00", "method": "blacklist"},"Jiangmin": {"category": "malicious","engin 
e_name":"Jiangmin","engine_update":"20210419","engine_version 
""16.0.100","method":"blacklist","result": "Downloader.Downloader 
Guide.agk"},"eGambit":{"category":"malicious","engine_name":"eG 
ambit","engine_update":"20210420","method":"blacklist","result":" 
Unsafe.Al_Score_100%"},"Avira":{"category":"undetected","engine 
_name":"Avira","engine_update":"20210419","engine_version":"8. 
3.3.12","method":"blacklist"},"MAX":{"category":"malicious",""engine 
~_name": "MAX","engine_update":"20210420","engine_ version": "20 
19.9.16.1","method":"biacklist","result":"malware (ai 
score\u003d76)"}, “Antiy- 
AVL":{"category":"undetected","engine_name":"Antiy- 
AVL","engine_update":"20210419","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210420","engine_version":"2017. 
9.26.565","method":"blacklist"},"Gridinsoft":{"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210419","engine_ 
version":"1.0.37.128","method":"blacklist","result":"Adware.Win32. 
Downloader.vb!s1"},"Microsoft":{"category":"malicious","engine_na 
me":"Microsoft","engine_update":"20210420","engine_version":"1. 
1.18000.5", "method": "blacklist","result":"PUA:Win32/DownloadGui 
de"},"AegisLab":{"category":"undetected","engine_name":"AegisLa 
b","engine_update":"20210420","engine_| version"?"4. 2","method":" 
blacklist"},"ZoneAlarm":{"category":"undetected", "engine. name":" 
ZoneAlarm","engine_update":"20210419", "engine. version":"1.0"," 
method":"blacklist"},"GData":{"category":"malicious","engine_nam 
e":"GData","engine_update":"20210419","engine_version":"A:25.2 
9375B: 27 .22720","method":"blacklist", "result": "Win32.Application. 
DownloadGuide. Ty; "Cynet": {"category": "malicious","engine_name 
""Cynet","engine_update":"20210412","engine_version":"4.0.0.27" 


""Cynet","engine_update":"20210412","engine_version":"4.0.0.27" 
,"method":"blacklist","result":"Malicious (score: 
100)"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916" "engine _ version":"2.0.936", "method": "placklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"2021 041 9","engine_version":"3.19.7.10132" 
,"method":"blacklist","result":" PUP/Win32. DownloadGuide.R24528 
9"},"Acronis":{"category":"undetected","engine_name":"Acronis","e 
ngine_update":"20210211","engine_version":"1.1.1.81","method":" 
blacklist"},"ALYac":{"category":"malicious","engine_ name":"ALYac 
""engine_update":"20210420","engine_version":"1.1.3.1","method 
""blacklist","result":"Gen:Variant.Application.Bundler. DownloadGu 
ide.48"},"TACHYON":{"category":"undetected","engine_name":"TA 
CHYON","engine_update":"20210420","engine_version":"2021-04- 
20.01","method":"blacklist"},"VBA32":{"category":"malicious","engi 
ne_name":"VBA32","engine_update":"20210419","engine_version" 
:"5.0.0","method":"blacklist","result":"Downloader.DownloaderGuid 
e"},"Malwarebytes":{"category":"malicious","engine_name":"Malwa 
rebytes","engine_update":"20210420","engine_version":"4.2.2.27", 
"method":"blacklist","result":"Adware. Downloader"},"Zoner" {"categ 
ory":"undetected","engine_name":"Zoner","engine_update":"20210 
419","engine_version":"0.0.0.0","method": “blacklist’}, "TrendMicro- 
HouseCall": {' ‘category": "undetected" ,"engine_name":"TrendMicro- 
HouseCall","engine_update":"20210419","engine_version":"10.0.0 
-1040","method":"blacklist"},"Tencent":{"category":"undetected","e 
ngine_name":"Tencent","engine_update":"20210420","engine_ver 
Bie ROOM me "method": “blacklist’}, "Yandex":{"category":"maliciou 
s","engine_name":"Yandex","engine_update":"20210415","engine 
_version":"5.5.2.24","method":"blacklist","result":"Trojan.GenAsa!4
hPael7leTc"},"Ikarus":{"category":"malicious","engine_name":"Ikar
us","engine_update":"20210419","engine_version":"0.1.5.2","meth
od":"blacklist","result":"PUA.DownloadGuide"},"MaxSecure":{"cate
gory":"malicious","engine_name":"MaxSecure","engine_update":"2
0210417","engine_version":"1.0.0.1","method":"blacklist","result":"
Trojan.Malware.121218.susgen"},"Fortinet":{"category":"malicious"
,"engine_name":"Fortinet","engine_update":"20210419","engine_v
ersion":"6.2.142.0","method":"blacklist","result":"Riskware/Downlo
aderGuide"},"Webroot":{"category":"malicious","engine_name":"W
ebroot","engine_update":"20210420","engine_version":"1.0.0.403",
"method":"blacklist","result":"Pua.Freemium"},"Panda":{"category":
"undetected","engine_name":"Panda","engine_update":"20210419
","engine_version":"4.6.4.2","method":"blacklist"},"CrowdStrike":{"c
ategory":"malicious","engine_name":"CrowdStrike","engine_updat
e":"20210203","engine_version":"1.0","method":"blacklist","result":"
win/malicious_confidence_100% (D)"},"Qihoo-
360":{"category":"undetected","engine_name":"Qihoo- 
360","engine_update":"20210420","engine_version":"1.0.0.1120"," 
method":"blacklist"}},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":44,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":25},"last_modification_date":"161899 
3214","last_submission_date":"1618882865","md5":"28c116629b2
2b95ea52a1859a46484b2","meaningful_name":"28c116629b22b9
5ea52a1859a46484b2.virus","names":["28c116629b22b95ea52a1
859a46484b2.virus"],"reputation":"0","sha1":"0b5ab8961241 7dc65 
eb1eeat94efc55dcd75c89","sha256":"9ffb8ce09d03702cce10c73
126aa71d87f82ed951001c75d21c29633b7c8879f","size":"559824
","tags":["peexe","signed","overlay"],"times_submitted":"1","total_v
otes":{"harmless":"0","malicious":"0"},"type_description":"Win32
EXE","type_tag":"peexe","unique_sources":"1","vhash":"05505665 
7d15555091z21280064728015z301 0036fz", "authentihash":"9716a 
15101 f9e06ea2891e83359d99e64ad 1a058206719b33e4cdb342a6 
84e12","magic":"PE32 executable for MS Windows (GUI) Intel 
80386 32- 
bit","pe_info":{"entry_point":"85052","imphash":"c581e778ba559d8 
e6a1073ed4b1 45b6r" ,"import_list": [{"imported_ functions" :["GetSav 
eFileNameW","GetOpenFileNameW"],"library_name":"COMDLG3
2.dll"},{"imported_functions":["GetDeviceCaps","DeleteDC","Select
Object","GetStockObject","CreateSolidBrush","GetObjectW","Crea
teCompatibleDC","DeleteObject"],"library_name":"GDI32.dll"},{"im
ported_functions":["RegCreateKeyExW","RegDeleteValueW","Reg
CloseKey","RegSetValueExW","RegQueryInfoKeyW","RegEnumK
eyExW","RegOpenKeyExW","RegDeleteKeyW","RegQueryValueE
xW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetS
tdHandle","InterlockedPopEntrySList","WaitForSingleObject","Enc 
odePointer","DeleteCriticalSection","GetCurrentProcess","GetCon 
soleMode","LocalAlloc","FreeEnvironmentStringsW","SetStdHandl
e","GetCPInfo","WriteFile","GetSystemTimeAsFileTime","HeapRe
Alloc","GetStringTypeW","FreeLibrary","InterlockedPushEntrySList
","LoadResource","FindClose","InterlockedDecrement","GetFullPa
thNameW","DebugBreak","SetLastError","TlsGetValue","OutputDe
bugStringW","GetModuleFileNameW","IsDebuggerPresent","Heap
Alloc","lstrcmpiW","HeapSetInformation","UnhandledExceptionFilt
er","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","
FlushInstructionCache","SetUnhandledExceptionFilter","MulDiv","I
sProcessorFeaturePresent","DecodePointer","TerminateProcess",
"GlobalAlloc","SetEndOfFile","GetCurrentThreadId","LeaveCritical
Section","WriteConsoleW","InitializeCriticalSectionAndSpinCount",
"HeapFree","EnterCriticalSection","SetHandleCount","LoadLibrary
W","GetOEMCP","QueryPerformanceCounter","GetTickCount","Tl
sAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetFileSiz
e","GetStartupInfoW","GlobalLock","GetProcessHeap","GetTempF
ileNameW","FindNextFileW","FindFirstFileW","lstrcmpW","GetProc
Address","CreateEventW","CreateFileW","GetFileType","TlsSetVal
ue","ExitProcess","InterlockedIncrement","GetLastError","LCMapS
tringW","lstrlenA","GetConsoleCP","GetEnvironmentStringsW","Gl
obalUnlock","lstrlenW","SizeofResource","GetCurrentProcessId","
GetCommandLineW","WideCharToMultiByte","HeapSize","Interloc
kedCompareExchange","RaiseException","MapViewOfFile","TlsFr
ee","SetFilePointer","ReadFile","CloseHandle","GetACP","GetMod
uleHandleW","GetFileAttributesExW","IsValidCodePage","HeapCr
eate","FindResourceW","VirtualFree","Sleep","VirtualAlloc"],"librar
y_name":"KERNEL32.dll"},{"imported_functions":["LoadRegTypeLi
b","VariantChangeType","SysStringLen","SysStringByteLen","Var
BstrCat","VariantClear","SysAllocString","OleCreateFontIndirect","
DispCallFunc","VariantCopy","LoadTypeLib","SysFreeString","Sys
AllocStringByteLen","VariantInit","VarUI4FromStr"],"library_name":
"OLEAUT32.dll"},{"imported_functions":["Shell_NotifyIconW","Com
mandLineToArgvW","DoEnvironmentSubstW"],"library_name":"SH
ELL32.dll"},{"imported_functions":["CreateStreamOnHGlobal","Ole
LockRunning","OleInitialize","CoTaskMemRealloc","CoCreateInsta
nce","OleUninitialize","CoTaskMemFree","CoTaskMemAlloc"],"libr
ary_name":"ole32.dll"},{"imported_functions":["PathFileExistsW"],"l
ibrary_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","
RegisterWindowMessageW","GetMonitorInfoW","GetClassInfoEx
W","RedrawWindow","BeginPaint","DefWindowProcW","KillTimer",
"GetMessageW","ShowWindow","MapWindowPoints","GetParent"
,"SetWindowLongW","IsWindow","PeekMessageW","GetWindowR
ect","EndPaint","UpdateWindow","MoveWindow","SetWindowPos"
,"TranslateMessage","GetWindowTextLengthW","PostMessageW"
,"GetSysColor","DispatchMessageW","GetDC","ReleaseDC","Sen
dMessageW","UnregisterClassA","GetWindowLongW","IsWindow
Visible","SetWindowTextW","GetDlgItem","GetWindow","LoadIma
geW","MonitorFromWindow","ClientToScreen","InvalidateRect","S
etTimer","CallWindowProcW","GetClassNameW","FillRect","Creat
eAcceleratorTableW","GetWindowTextW","GetDesktopWindow","
LoadCursorW","LoadIconW","GetFocus","CreateWindowExW","R
egisterClassExW","GetClientRect","CharNextW","IsChild","Destro
yWindow"],"library_name":"USER32.dll"}],"machine_type":"332","o
verlay":{"chi2":6440.02001953125,"entropy":7.583457946777344,
"filetype":"Data","md5":"cAccb62166e47891 753ea1 1e946de486","o
ffset":"552960","size":"6864"},"resource_details":[{"chi2":206692. 8 
125,"entropy": 5.394310474395752 ,"filetype":"Data","lang":"NEUT 
RAL","sha256":"abcb0193ed76d190556c37481 36be9e0230f2bf5e 
244d104d00ac77d921 068ac", "type":"RT_ICON"},{"chi2":80781.07 
8125,"entropy":5.588585376739502,"filetype":"Data","lang":"NEU 
TRAL","sha256":"cd664a1691a50e28a0fac9b5431 8be7be51d6d1 
€0383b777e32b654e04ab5305","type":"RT_ICON"},{"chi2":1 5863. 
77441 40625,"entropy":5.9216437339782715,"filetype":"Data","lan 
g":"NEUTRAL","sha256":"149e12281 09b9cd360242bfe031c26f49 
54628287c7b78c7578ba69a878ali49","type":"RT_ICON"},{"chi2":
3685.33251953125,"entropy":2.4584920406341553, "filetype":"Dat 
a","lang": "NEUTRAL","sha256":"77a1 efb61 36f52dd2372987b1 3bf 
486aa7Sbaeach93bad009aa3e284c57b8694", "type":"RT_GROUP 
_ICON"},{"chi2":19078.84765625,"entropy":2. 966618061065674,"f 
iletype":"Data","lang":"NEUTRAL","sha256":"ddee1 9afcc2b01d589 
ef6tida1a4f3d29b7edfcb9ae22ca4d39ce46f6ba76752", "type":"RT 
_VERSION"},{"chi2":3945.591796875,"entropy":4.8845167160034
18,"filetype":"application/xml","lang": "NEUTRAL", "sha256":"82816 
c86a72cc9cc615c7a4835862ce780b83379b32a9 1 7a65b59c2b2a 
13b94f","type":"RT_MANIFEST"}],"resource_langs":{"NEUTRAL":" 
6"},"resource_types":{"RT_ICON":"3","RT_MANIFEST":"1","RT_V 
ERSION":"1","RT_GROUP_ICON":"1"},"sections":[{"chi2":191661
8.75,"entropy":6.56,"flags":"rx","md5":"66fb890b6815e40e6282ea
451878b382","name":".text","raw_size":"361472","virtual_address"
:"4096","virtual_size":"361286"},{"chi2":890169.38,"entropy":7.29,"
flags"."r aye There "d8a20660cb464e3dff63'62da0282331" ,"name":". 
data","raw_size":"138240","virtual_address":"368640","virtual_siz
e":"137808"},{"chi2":730928.75,"entropy":3.94,"flags":"rw","md5":"7
b335a4c050ac3f0c981d08e158d44de","name":".data","raw_size":"
8704","virtual_address":"507904","virtual_size":"18560"},{"chi2":36
4092.38,"entropy":5.49,"flags":"r","md5":"7bbdecccc0cf96f0d7502
1077ab6b110","name":".rsrc","raw_size":"16384","virtual_address"
:"528384","virtual_size":"16064"},{"chi2":517750.28,"entropy":5.83,
"flags":"r","md5":"37fa0adc7813e1f2f485deec07d8b5eb","name":".
reloc","raw_size":"27136","virtual_address":"544768","virtual_size"
:"26894"}],"timestamp":"1542344584"},"signature_info":{"signers":" 
WeQ Influencers GmbH; Sectigo RSA Code Signing CA; 
USERTrust RSA Certification Authority; Sectigo (AAA)","signers 
details":[{"algorithm":"sha256RSA","cert issuer":"Sectigo RSA 
Code Signing CA","name":"WeQ Influencers GmbH","serial 
number":"7B 3F 3A 3A BA D0 E5 4A 4C F5 72 08 31 D3 7A
4F","status":"Valid","thumbprint":"CC4AD630AA5C31B407D96FF 
50DC8445F76BEF5EC", valid from":"12:00 AM 03/17/2021","valid 
to":"11:59 PM 03/17/2022","valid usage":"Code 
Signing"},{"algorithm":"sha384RSA","cert issuer":"USERTrust RSA 
Certification Authority","name":"Sectigo RSA Code Signing 
CA","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D
33 D3 
6A","status":"Valid","thumbprint":"94C95DA1E850BD85209A4A2A 
F3E1FB1604F9BB66","valid from":"12:00 AM 11/02/2018","valid 
to":"11:59 PM 12/31/2030","valid usage":"Code Signing, 
Timestamp Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA 
Certificate Services","name":"USERTrust RSA Certification
Authority","serial number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35
95","status":"Valid","thumbprint":"D89E3BD43D5D909B47A18977 
AA9D5CE36CEE184C", "valid from":"12:00 AM 03/12/2019","valid 
to":"11:59 PM 12/31/2028","valid 
usage":"All"},{"algorithm":"sha1RSA","cert issuer":"AAA Certificate 
Services","name":"Sectigo (AAA)","serial 
number":"01","status":"Valid", "thumbprint":"D1EB23A46D17D68F 
D92564C2F1F1601 764D8E349", "valid from":"12:00 AM 
01/01/2004","valid to":"11:59 PM 12/31/2028","valid usage":"Client 
Auth, Code Signing, EFS, Email Protection, IPSEC Tunnel, IPSEC 
User, Server Auth, Timestamp Signing"}],"signing date":"01:42 AM 
04/20/2021","verified":"Signed","x509":[{"algorithm":"sha1RSA","c
ert issuer":"AAA Certificate Services","name":"AAA Certificate 
Services","serial
number":"01","thumbprint":"D1EB23A46D17D68FD92564C2F1F1
601764D8E349","valid from":"2004-01-01 00:00:00","valid 
to":"2028-12-31 23:59:59"},{"algorithm":"sha256RSA","cert 
issuer":"Sectigo RSA Code Signing CA","name":"WeQ Influencers 
GmbH","serial number":"7B 3F 3A 3A BA D0 E5 4A 4C F5 72 08
31 D3 7A 
4F","thumbprint":"CC4AD630AA5C31B407D96FF50DC8445F76B 
EF5EC", "valid from":"2021-03-17 00:00:00","valid to":"2022-03-17 
23:59:59","valid_usage":"Code 
Signing"},{"algorithm":"sha384RSA","cert issuer":"AAA Certificate 
Services","name":"USERTrust RSA Certification Authority","serial 
number":"39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 
95","thumbprint":"D89E3BD43D5D909B47A18977AA9D5CE36CE 
E184C","valid from":"2019-03-12 00:00:00","valid to":"2028-12-31 
23:59:59"},{"algorithm":"sha384RSA","cert issuer":"USERTrust
RSA Certification Authority","name":"Sectigo RSA Code Signing 
CA","serial number":"1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D
33 D3
6A","thumbprint":"94C95DA1E850BD85209A4A2AF3E1FB1604F
9BB66","valid from":"2018-11-02 00:00:00","valid to":"2030-12-31 
23:59:59","valid_usage":"Code Signing, Timestamp
Signing"}]},"ssdeep":"12288:h4fmuV/2SIl1 MCAHabs10WozQsmkn 
Y87Z1 EPcIMkc9A7Z2:h42DMCA6b5fWQmknY87LEPcl9nl", "trid":[ 
{"file_type":"Win32 Executable MS Visual C++ 
(generic)","probability":48.8},{"file_type":"Win64 Executable 
(generic)","probability":16.4},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":10.2},{"file_type":"Win16 NE 
executable (generic)","probability":7.8},{"file_type":"Win32 
Executable 
(generic)","probability":7.0}]},"id":"9ffb8ce09d03702cce10c73126a
a71d87f82ed951001c75d21c29633b7c8879f","links":{"self":"https:/
/www.virustotal.com/api/v3/files/9ffb8ce09d03702cce10c73126aa
{"attributes":{"creation_date":"1521750900","first_submission_date
""1618324356","last_analysis_date":"1618324356","last_analysis 
_results":{"Bkav":{"category":"malicious","engine_name":"Bkav","e
ngine_update":"20210413","engine_version":"1.3.0.9899","method
":"blacklist","result":"W32.AIDetect.malware1"},"Elastic":{"category
":"malicious","engine_name":"Elastic","engine_update":"20210407"
,"engine_version":"4.0.19","method":"blacklist","result":"malicious
(high 
confidence)"},"DrWeb":{"category":"malicious","engine_name":"Dr 
Web","engine_update":"20210413","engine_ version":"7.0.49.9080 
","method":"blacklist","result":"Trojan.Siggen6.51060"},"MicroWorl
d-eScan":{"category":"malicious","engine_name":"MicroWorld-
eScan","engine_update":"20210413","engine_version":"14.0.409.0
","method":"blacklist","result":"Trojan.Agent.DDSN"},"FireEye":{"ca
tegory":"malicious","engine_name":"FireEye","engine_update":"20
210413","engine_version":"32.44.1.0","method":"blacklist","result":
"Generic.mg.6c438ae3ffd77a6e"},"CAT-
QuickHeal":{"category":"malicious","engine_name":"CAT-
QuickHeal","engine_update":"20210413","engine_version":"14.00"
,"method":"blacklist","result":"Trojan.CobaltStrk.S19453618"},"McA
fee":{"category":"malicious","engine_name":"McAfee","engine_upd
ate":"20210413","engine_version":"6.0.6.653","method":"blacklist", 
"result":"GenericRXLR- 
FS!6C438AE3FFD7"},"Cylance":{"category":"malicious","engine_n 
ame":"Cylance","engine_update":"2021041 3”,"engine_version":"2. 
3.1.101","method":"blacklist","result":"Unsafe"},"Zillya":{"category": 
"undetected","engine_name":"Zillya","engine_update":"20210413",
"engine_version":"2.0.0.4339","method":"blacklist"},"SUPERAntiSp
yware":{"category":"undetected","engine_name":"SUPERAntiSpyw
are","engine_update":"20210409","engine_version":"5.6.0.1032","
method":"blacklist"},"Sangfor":{"category":"malicious","engine_na
me":"Sangfor","engine_update":"20210402","engine_version":"2.9.
0.0","method":"blacklist","result":"Trojan.Win32.Save.a"},"K7AntiVi
rus":{"category":"malicious","engine_name":"K7AntiVirus","engine
_update":"20210413","engine_version":"11.176.36913","method":"
blacklist","result":"Trojan ( 00520fd01
)"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","e
ngine_update":"20190527","engine_version":"0.3.0.5","method":"bl
acklist"},"K7GW":{"category":"malicious","engine_name":"K7GW","
engine_update":"20210413","engine_version":"11.176.36914","me
thod":"blacklist","result":"Trojan ( 00520fd01
)"},"Cybereason":{"category":"malicious","engine_name":"Cyberea
son","engine_update":"20210330","engine_version":"1.2.449","met
hod":"blacklist","result":"malicious.3ffd77"},"BitDefenderTheta":{"ca
tegory":"malicious","engine_name":"BitDefenderTheta","engine_u
pdate":"20210402","engine_version":"7.2.37796.0","method":"blac
klist","result":"AI:Packer.D68D66301E"},"Cyren":{"category":"malic
ious","engine_name":"Cyren","engine_update":"20210413","engin 
e_version":"6.3.0.2","method":"blacklist","result":"W32/Rozena.AD. 
gen!Eldorado"},"SymantecMobileInsight":{"category":"type-
unsupported","engine_name":"SymantecMobileInsight","engine_u
pdate":"20210126","engine_version":"2.0","method":"blacklist"},"S
ymantec":{"category":"malicious","engine_name":"Symantec","eng
ine_update":"20210413","engine_version":"1.14.0.0","method":"bla
cklist","result":"Backdoor.Rozena"},"ESET-
NOD32":{"category":"malicious","engine_name":"ESET-
NOD32","engine_update":"20210413","engine_version":"23124"," 
method":"blacklist","result":"a variant of 
Win32/Rozena.WZ"},"APEX":{"category":"malicious","engine_nam 
e":"APEX","engine_update":"20210413","engine_version":"6.152", 
"method":"blacklist","result":"Malicious"},"Avast":{"category":"malici
ous","engine_name":"Avast","engine_update":"20210413","engine 
“version”: Tale teks 7/0)" "method": "placklist","result": "Win32:Hackt 
oolX-gen 
[Trj]"},"ClamAV":{"category":"undetected","engine_name":"ClamA 
V","engine_update":"20210413","engine_version":"0.103.2.0","met 
hod":"blacklist"},"Kaspersky":{"category":"malicious","engine_nam 
e":"Kaspersky","engine_update":"20210413","engine_version":"21.
0.1.45","method":"blacklist","result":"HEUR:Trojan.Win32.CobaltSt 
rike.gen"},"BitDefender":{"category":"malicious","engine_name":"Bi 
tDefender","engine_update":"20210413","engine_version":"7.2","m 
ethod":"blacklist","result":"Trojan.Agent.DDSN"},"NANO- 
Antivirus":{"category":"malicious","engine_name":"NANO-
Antivirus","engine_update":"20210413","engine_version":"1.0.146. 
syT "method": "blacklist","result": "Virus. Win32.Gen- 
Crypt.ccnc"},"Paloalto":{"category":"undetected","engine_name":"
Paloalto","engine_update":"20210413","engine_version":"1.0","me
thod":"blacklist"},"ViRobot":{"category":"undetected","engine_nam
e":"ViRobot","engine_update":"20210413","engine_version":"2014. 
3.20.0","method":"blacklist"},"Tencent":{"category":"undetected","e
ngine_name":"Tencent","engine_update":"20210413","engine_ver 
sion":"1.0.0.1","method":"blacklist"},"Ad- 
Aware":{"category":"malicious","engine_name":"Ad-
Aware","engine_update":"20210413","engine_version":"3.0.16.117 
","method":"blacklist","result":"Trojan.Agent.DDSN"},"Trustlook":{"c
ategory":"type-
unsupported","engine_name":"Trustlook","engine_update":"20210
413","engine_version":"1.0","method":"blacklist"},"Emsisoft":{"cate 
gory":"malicious","engine_name":"Emsisoft","engine_update":"202 
10413","engine_version":"2018.12.0.1641","method":"blacklist","re
sult":"Trojan.Agent.DDSN
(B)"},"Comodo":{"category":"malicious","engine_name":"Comodo", 
"engine_update":"20210413","engine_version":"33435","method":"
blacklist","result":"TrojWare.Win32.Kryptik.BYGK@59ple7"},"F-
Secure":{"category":"undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2","method":"blacklist"},"Baidu":{"category":"undetected","engine_ 
name":"Baidu","engine_update":"20190318","engine_version":"1.0
.0.2","method":"blacklist"},"VIPRE":{"category":"undetected","engin 
e_name":"VIPRE","engine_update":"20210413","engine_version":"
91800","method":"blacklist"},"TrendMicro":{"category":"malicious","
engine_name":"TrendMicro","engine_update":"20210330","engine
_version":"11.0.0.1006","method":"blacklist","result":"Backdoor.Wi
n32.COBEACON.SMC"},"McAfee-GW- 
Edition":{"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update":"20210413","engine_version":"v2019.1.2
+3728","method":"blacklist","result":"BehavesLike.Win32.Generic. 
dc"},"Trapmine":{"category":"type-
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{" 
category":"undetected","engine_name":"CMC","engine_update":"2 
0210327","engine_' version":"2.10.2019. ie "method": "blacklist"},"So 
phos":{"category":"malicious","engine_name":"Sophos","engine_u
pdate":"20210413","engine_version":"1.0.2.0","method":"blacklist", 
"result":"ML/PE-A + ATK/Cobalt- 
AH"},"SentinelOne":{"category":"malicious","engine_name":"Sentin 
elOne","engine_update":"20210215","engine_version":"5.0.0.20","
method":"blacklist","result":"Static AI - Malicious
PE"},"GData":{"category":"malicious","engine_name":"GData","en
gine_update":"20210413","engine_version":"A:25.29311B:27.2264
2","method":"blacklist","result":"Win32.Trojan.Mexec.B"},"Jiangmin
":{"category":"malicious","engine_name":"Jiangmin","engine_updat
e":"20210412","engine_version":"16.0.100","method":"blacklist","re
sult":"Trojan.Cometer.ayd"},"Webroot":{"category":"undetected","e
ngine_name":"Webroot","engine_update":"20210413","engine_ver 
sion":"1.0.0.403","method":"blacklist"},"Avira":{"category":"maliciou 
s","engine_name":"Avira","engine_update":"20210413","engine_v 
ersion":"8.3.3.12","method":"blacklist","result":"TR/Crypt.XPACK.G
en"},"MAX":{"category":"malicious","engine_name":"MAX","engine
_update":"20210413","engine_version":"2019.9.16.1","method":"bl
acklist","result":"malware (ai score\u003d87)"},"Antiy- 
AVL":{"category":"undetected","engine_name":"Antiy-
AVL","engine_update":"20210412","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
":"Kingsoft","engine_update":"20210413","engine_version":"2017.
9.26.565","method":"blacklist"},"Gridinsoft":{"category":"malicious",
"engine_name":"Gridinsoft","engine_update":"20210413","engine_ 
version":"1.0.37.128","method":"blacklist","result":"Trojan.Win32.A 
gent.vb!s1"},"Arcabit":{"category":"malicious","engine_name":"Arc 
abit","engine_update":"20210413","engine_version":"1.0.0.881","m 
ethod":"blacklist","result":"Trojan.Agent.DDSN"},"AegisLab":{"cate
gory":"undetected","engine_name":"AegisLab","engine_update":"2
0210413","engine_version":"4.2","method":"blacklist"},"ZoneAlarm 
":{"category":"malicious","engine_name":"ZoneAlarm","engine_up
date":"20210413","engine_version":"1.0","method":"blacklist","resu
lt":"HEUR:Trojan.Win32.CobaltStrike.gen"},"Avast-
Mobile":{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210413","engine_version":"210413- 
02","method":"blacklist"},"Microsoft":{"category":"malicious","engin
e_name":"Microsoft","engine_update":"20210413","engine_versio
n":"1.1.18000.5","method":"blacklist","result":"HackTool:Win32/Co
baltStrike.A"},"Cynet":{"category":"malicious","engine_name":"Cyn
et","engine_update":"20210412","engine_version":"4.0.0.27","met
hod":"blacklist","result":"Malicious (score:
100)"},"BitDefenderFalx":{"category":"type-
unsupported","engine_name":"BitDefenderFalx","engine_update": 
"20200916","engine_version":"2.0.936","method":"blacklist"},"AhnL
ab-V3":{"category":"malicious","engine_name":"AhnLab-
V3","engine_update":"20210413","engine_version":"3.19.7.10132"
,"method":"blacklist","result":"Trojan/Win32.CobaltStrike.C418327 
0"},"Acronis":{"category":"undetected","engine_name":"Acronis","e 
ngine_update":"20210211","engine_version":"1.1.1.81", "method":" 
blacklist"},"ALYac":{"category":"malicious","engine_name":"ALYac
","engine_update":"20210413","engine_version":"1.1.3.1","method
":"blacklist","result":"Trojan.Agent.DDSN"},"TACHYON":{"category
":"malicious","engine_name":"TACHYON","engine_update":"2021
0413","engine_version":"2021-04-
13.02","method":"blacklist","result":"Trojan/W32.CobaltStrike.2257
92"},"VBA32":{"category":"malicious","engine_name":"VBA32","en 
gine_update":"20210413","engine_| version":"5.0. 0","method":"blac 
klist","result":"Trojan.CobaltStrike"},"Malwarebytes":{"category":"m
alicious","engine_name":"Malwarebytes","engine_update":"20210 
41 /3","engine_version":"4.2.1 al 8","method": "blacklist","result":"Gen 
eric.Trojan.Malicious.DDS"},"Zoner":{"category":"malicious","engin
e_name":"Zoner","engine_update":"20210412","engine_version":
"0.0.0.0","method":"blacklist","result":"Trojan.Win32.69381"},"Trend
Micro-
HouseCall":{"category":"malicious","engine_name":"TrendMicro-
HouseCall","engine_update": "20210413" ,"engine_version":"10.0.0 
-1040","method":"blacklist","result":"Backdoor.Win32.COBEACON. 
SMC"},"Rising": {"category": "malicious","engine_name":"Rising","e 
ngine_update":"20210413","engine_version":"25.0.0.26","method": 
"blacklist","result":"Malware.Heuristic!ET#100% 
(RDMK:cmRtazrWQjQHd6Y Q72Nwl92H/PIK)"},"Yandex":{"categor 
y":"malicious","engine_name":"Yandex","engine_update":"202104 
13","engine_version":"5.5.2.24","method":"blacklist","result":"Troja 
n.GenAsa!zvVdoDjE9iw"},"Ikarus":{"category":"malicious","engine
_name":"Ikarus","engine_update":"20210413","engine_version":"0. 
1.5.2","method":"blacklist","result":"Trojan.Win32.Swrort"},"eGamb
it":{"category":"malicious","engine_name":"eGambit","engine_upda
te":"20210413","method":"blacklist","result":"Unsafe.AI_Score_99
%"},"Fortinet":{"category":"malicious","engine_name": "Fortinet","en 
gine_update":"20210413","engine_version":"6.2.142.0", "method":" 
blacklist","result":"W32/Rozena.WZ!tr"},"MaxSecure":{"category":"
malicious", "engine_name":"MaxSecure","engine_update":"202104 
12","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan. 
Malware.300983.susgen"},"AVG":{"category":"malicious","engine_ 
name":"AVG","engine_update":"20210413","engine_version":"21.1 
.5827.0","method":"blacklist","result":"Win32:HacktoolX-gen 
[Trj]"},"Panda":{"category":"undetected","engine_name":"Panda","
engine_update":"20210413","engine_version":"4.6.4.2","method":"
blacklist"},"CrowdStrike":{"category":"malicious","engine_name":"C
rowdStrike","engine_update":"20210203","engine_version":"1.0"," 
method":"blacklist","result":"win/malicious_confidence_90% 
(D)"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo- 
360","engine_update":"20210413","engine_version":"1.0.0.1120"," 
method":"blacklist","result":"HEUR/QVM19.1.8F6A.Malware.Gen"} 
},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":53,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":17},"last_modification_date":"161841 
4700","last_submission_date":"1618324356","md5":"6c438ae3fid7 
7a6ed5b2bf049e585ed29","meaningful_name":"cobaltstrike_shellc 
ode.exe","names":["cobaltstrike_shellcode.exe"],"reputation":"0","s 
ha1":"25ed0509bcb7cfa6401e9d752a17c500bb656653","sha256": 
"b3880aa40a577e8f23091288864718ddfacd8789a927730eba67e
65bc3da224f","size":"225792","tags":["peexe","direct-cpu-clock-
access","checks-network-adapters","long-sleeps","runtime-
modules"],"times_submitted":"1","total_votes":{"harmless":"0","mali
cious":"0"},"type_description": "Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"0250875d 
151c0d1d1d1e7az1a1c\u003dz","authentihash":"385ba85c9d684b
Ydbb29de96d59be48d 1 b06d5aac45f340d6f920c3ae7bac477","m 
agic":"PE32 executable for MS Windows (GUI) Intel 80386 32- 
bit","pe_info":{"entry_point":"36864","imphash":"829da329ce140d8
73b4a8bde2cbfaa7e","import_list":[{"imported_functions":["GetLas 
tError","EnterCriticalSection","LoadLibraryW","FreeLibrary","Query 
PerformanceCounter","GetTickCount","VirtualProtect","LoadLibrar 
yA","DeleteCriticalSection","GetCurrentProcess","GetCurrentProc 
essld","UnhandledExceptionFilter","GetProcAddress","CreateThre 
ad" ,"GetModuleHandleA","SetUnhandledExceptionFilter" ,"GetStar 
tupInfoA","GetSystemTimeAsFileTime","TerminateProcess", "Initial 
izeCriticalSection","VirtualQuery","TlsGetValue", "Sleep", "GetCurre 
ntThreadId","VirtualAlloc","LeaveCriticalSection"],"library_name":"
KERNEL32.dll"},{"imported_functions":["strncmp","__lconv_init","m
alloc","__dllonexit","_cexit","abort","fprintf","_fmode","_amsg_exit",
"fwrite",”_ palOCKene onexit", "_initenv","exit"," setusermatherr"," ac 
mdin"," " unlock", "free" ."viprintt", a '_getmainargs", "calloc", "strlen", _ 
winmajor","memcpy","signal","_initterm","__set_app_type","_iob"],” 
library_name":"msvcrt.dll"}],"machine_type":"332","sections":[{"chi
2":89507.74,"entropy":5.83,"flags":"rx","md5":"0bc7c2f2db333e57
78e909890d9e8894","name":".text","raw_size":"7168","virtual_add
ress":"4096","virtual_size":"6852"},{"chi2":188014.75,"entropy":2.5
6,"flags":"rw","md5":"9d60a3432aa5f4951049c77a5dc197bb","na
me":".data","raw_size":"2048","virtual_address":"12288","virtual_si
ze":"1572"},{"chi2":37294.0 "entropy": ArO3 “flagsiean "mds": "77eb2 
142360efdb/76ccae3251d953fba","name":".rdata", "raw size":"102 
4","virtual_address":"16384","virtual_size":"720"},{"chi2":-
1.0,"entropy":0.0,"flags":"rw","md5":"d41d8cd98f00b204e9800998
ecf8427e","name":".bss","raw_size":"0","virtual_address":"20480","
virtual_size":"1052"},{"chi2":110674.25,"entropy":4.13 »"flags”: ee . 
md5":"33dd26a9f00ba3b34a7aG6b2ae3e68881" ,"name":".idata","r 
aw_size":"2048","virtual_address":"24576","virtual_size":"1584"},{"c
hi2":123016.0,"entropy":0.27,"flags":"rw","md5":"0c2ac70a2303ea
6ede115718b8aca665","name":".CRT","raw_size":"512","virtual_a
ddress":"28672","virtual_size":"52"},{"chi2":124501.0,"entropy":0.2
2,"flags":"rw","md5":"fobb2f655a2d41a7ed1460a1 8df87b605", "nam 
en" .tls","raw_size":"512","virtual_address":"32768", virtual | size": x 
32"},{"chi2":11056.09,"entropy":7.97,"flags":"rwx","md5":"87239fa7
2acb27f8c804cf28bcd6061b","name":".ewmc","raw_size":"211456
","virtual_address":"36864","virtual_size":"211184"}],"timestamp":"
1521750900"},"ssdeep":"3072:/h0OR8IlvyoH327KBZ2q/flStSKZGEz/ 
oMcAHylc1 A6km4hh/Te3c+cKgxy:/SR8NXX27qEKIBda/nHr/IcRE 
""trid":[{"file_type":"Win32 Executable MS Visual C++ 
(generic)","probability":38.7},{"file_type":"Microsoft Visual C++ 
compiled executable 
(generic)", "probability": 20.5},{"file_type":"Win64 Executable 
(generic)","probability":13.0},{"file_type":"Win32 Dynamic Link 
Library (generic)", "probability":8.1},{"file_type":"Win16 NE 
executable 
(generic)","probability":6.2}]},"id":"b3880aa40a577e8f2309128886
4718ddfacd8789a927730eba67e65bc3da224f","links":{"self":"http
s://www.virustotal.com/api/v3/files/b3880aa40a577e8f2309128886
4718ddfacd8789a927730eba67e65bc3da224f"},"type":"file"}
{"attributes":{"creation_date":"708992537","first_submission_date"
:"1618045895","last_analysis_date":"1618045895","last_analysis_ 
results":{"Bkav":{"category":"malicious","engine_name":"Bkav","en
gine_update":"20210410","engine_version":"1.3.0.9899","method":
"blacklist","result":"W32.AIDetect.malware1"},"Elastic":{"category":
"malicious","engine_name":"Elastic","engine_update":"20210407",
"engine_version":"4.0.19","method":"blacklist","result":"malicious
(high
confidence)"}, "DrWeb":{"category":"malicious","engine_name":"Dr 
Web","engine_update":"20210410" “engine_version":"7.0.49.9080 
""method": "blacklist","result":"Trojan.MulDrop. 13392"},"MicroWorl 
d-eScan":{"category":"malicious","engine_name":"MicroWorld-
eScan","engine_update":"20210410","engine_version":"14.0.409.0
","method":"blacklist","result":"Backdoor.Hupigon.AAEA"},"FireEye
":{"category":"malicious","engine_name":"FireEye","engine_update
":"20210410","engine_version":"32.44.1.0","method":"blacklist","re 
sult":"Generic.mg.437133b795d024e4"},"CAT-
QuickHeal":{"category":"malicious","engine_name":"CAT- 
QuickHeal","engine_update":"20210409","engine_version":"14.00" 
,"method":"blacklist","result":"Trojandownloader.Generic"},"McAfee 
":{"category":"malicious","engine_name":"McAfee","engine_update
":"20210410","engine_version":"6.0.6.653","method":"blacklist","re
sult":"GenericRXAA- 
AA!437133B795D0"},"Cylance":{"category":"malicious","engine_n 
ame":"Cylance","engine_update":"20210410","engine_version":"2. 
3. 1.101","method":"blacklist","result":"Unsafe"},"Zillya":{"category": 
"malicious","engine_name":"Zillya","engine_update":"20210409","
engine_version":"2.0.0.4337","method":"blacklist","result":"Backdo
or.Hupigon.Win32.208496"},"SUPERAntiSpyware":{"category":"un 
detected","engine_name":"SUPERAntiSpyware","engine_update": 
"20210409","engine_version":"5.6.0.1032","method":"blacklist"},"S 
angfor":{"category":"malicious","engine_name":"Sangfor","engine_ 
update":"20210402","engine_version":"2.9.0.0","method":"blacklist 
","result":"Trojan.Win32.Save.a"},"K7AntiVirus":{"category":"malici
ous", "engine_name":"K7AntiVirus","engine_update":"20210410"," 
engine_version":"11.175.36890","method":"blacklist","result":"Troj 
an-Downloader ( 005166de1 
)"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","e 
ngine_update":"20190527","engine_version":"0.3.0.5","method":"bl 
acklist"},"K7GW":{"category":"malicious","engine_name":"K7GW"," 
engine_update":"20210410","engine_version":"11.175.36890", "me 
thod":"blacklist","result":"Trojan-Downloader ( 005166de1
)"},"Cybereason":{"category":"malicious","engine_name":"Cyberea
son","engine_| update": "20210330","engine_version":"1.2.449","met 
hod":"blacklist", “result”: "malicious. 795d02"}, "BitDefenderTheta’: {uC 
ategory": "malicious", ‘engine_name":"BitDefenderTheta","engine_ 
update":"2021 0402", "engine_version":"7.2.37796.0", "method":"bla 
cklist","result":"Al:Packer.0AE1DC561E"},"Cyren":{"category":"mal 
icious" ,"engine_name":"Cyren","engine_update":"20210410","engi 
ne_version":"6.3.0.2", "method": "blacklist","result":"W32/Delfloader. 
B.gen!Eldorado"},"SymantecMobilelnsight":{"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"20210126","engine_version":"2.0","method":"blacklist"},"S 
ymantec":{"category":"malicious","engine_name":"Symantec","eng 
ine_update":"20210409","engine_version":"1.14.0.0","method":"bla 
cklist","result":"ML.Attribute.HighConfidence"},"ESET-
NOD32":{"category":"malicious","engine_name":"ESET-
NOD32","engine_update":"20210410","engine_version":"23109","
method":"blacklist","result":"Win32/TrojanDownloader.Delf.CEE"},"
APEX":{"category":"malicious","engine_name":"APEX","engine_up
date":"20210404","engine_version":"6.151","method":"blacklist","re 
sult":"Malicious"},"Avast":{"category":"malicious","engine_name":" 
Avast","engine_update":"20210410","engine_version":"21.1.5827. 
0","method":"blacklist","result":"Win32:Hupigon-HBV
[Trj]"},"ClamAV":{"category":"malicious","engine_name":"ClamAV",
"engine_update":"20210409","engine_version":"0.103.2.0","metho
d":"blacklist","result":"Win.Trojan.Hupigon-9832808-
0"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersk
y","engine_update":"20210410","engine_version":"21.0.1.45","met
hod":"blacklist","result":"HEUR:Trojan-
Downloader.Win32.Generic"},"BitDefender":{"category":"malicious
","engine_name":"BitDefender","engine_update":"20210410","engi
ne_version":"7.2","method":"blacklist","result":"Backdoor.Hupigon.
AAEA"},"NANO-
Antivirus":{"category":"malicious","engine_name":"NANO-
Antivirus","engine_update":"20210410","engine_version":"1.0.146.
25279","method":"blacklist","result":"Trojan.Win32.Delphi.esnieb"},
"Paloalto":{"category":"undetected","engine_name":"Paloalto","eng
ine_update":"20210410","engine_version":"1.0","method":"blacklist
"},"AegisLab":{"category":"undetected","engine_name":"AegisLab",
"engine_update":"20210410","engine_version":"4.2","method":"bla 
cklist"},"Tencent":{"category":"malicious","engine_name":"Tencent 
","engine_update":"20210410","engine_version":"1.0.0.1","method 
":"blacklist","result":"Malware.Win32.Gencirc.10b7ce75"},"Ad-
Aware":{"category":"malicious","engine_name":"Ad- 
Aware","engine_update":"20210410","engine_version":"3.0.16.117 
","method":"blacklist","result":"Backdoor.Hupigon.AAEA"},"Trustloo
k":{"category":"type-
unsupported","engine_name":"Trustlook","engine_update":"20210
410","engine_version":"1.0","method":"blacklist"},"TACHYON":{"ca
tegory":"undetected","engine_name":"TACHYON","engine_update
":"20210410","engine_version":"2021-04-
10.02","method":"blacklist"},"Sophos":{"category":"malicious","engi
ne_name":"Sophos","engine_update":"20210410","engine_version
":"1.0.2.0","method":"blacklist","result":"ML/PE-A + Mal/DelpDldr-
at "Comodo": {"category": "malicious" ,"engine_name":"Comodo","e 
ngine_update":"20210410","engine_version":"33425","method":"bl
acklist","result":"TrojWare.Win32.TrojanDownloader.Delf.gen@1x
qow5"},"F-Secure":{"category":"undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2","method":"blacklist"},"Baidu":{"category":"undetected","engine_ 
name":"Baidu" ,"engine_update":"20190318","engine_version":"1.0 
.0.2","method":"blacklist"},"VIPRE":{"category":"malicious","engine 
_name":"VIPRE","engine_update":"20210410","engine_version":"9
1722","method": "blacklist", "result":"Trojan.Win32.Generic!BT"},"Tr 
endMicro" :{"category": "undetected" ,"engine_name":"TrendMicro"," 
engine_update":"20210330","engine_version":"11.0.0.1006","meth 
od":"blacklist"},"McAfee-GW-
Edition":{"category":"undetected","engine_name":"McAfee-GW-
Edition","engine_update":"20210410","engine_version":"v2019.1.2
+3728","method":"blacklist"},"Trapmine":{"category":"type- 
unsupported", "engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{" 
category":"undetected","engine_name":"CMC","engine_update":"2
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"E
msisoft":{"category":"malicious","engine_name":"Emsisoft","engine
_update":"20210410","engine_version":"2018.12.0.1641","method"
:"blacklist","result":"Backdoor.Hupigon.AAEA
(B)"},"SentinelOne":{"category":"malicious","engine_name":"Sentin
elOne","engine_update":"20210215" ,"engine_version":"5.0.0.20"," 
method":"blacklist","result":"Static AI - Malicious
PE"},"GData": {"category": "malicious","engine_name":"GData","en 
gine_update":"20210410","engine_version":"A:25.29279B:27.2260 
Sue "method": "blacklist", "result":" Backdoor. Hupigon.AAEA"}, "Jiang 
min":{"category": "undetected", "engine_name":"Jiangmin","engine_ 
update":"20210409","engine_| version":"16.0. 100","method":"blackli 
st"},"eGambit":{"category":"malicious","engine_name":"eGambit"," 
engine_update":"20210410","method":"blacklist","result":"Unsafe.
AI_Score_99%"},"Avira":{"category":"malicious","engine_name":"A
vira","engine_update":"20210410","engine_version":"8.3.3.12","me 
thod":"blacklist","result":"TR/Dldr.Delphi.Gen"},"Antiy-
AVL":{"category":"undetected","engine_name":"Antiy-
AVL","engine_update":"20210410","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210410","engine_version":"2017. 
9. 26.565","method":"blacklist"}, "Gridinsoft": {"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210410","engine_ 
version":"1.0.36.127","method":"blacklist","result":"Trojan.Win32.D 
ownloader.oa!s1"}, "Arcabit": {"category":"malicious","engine_name 
""Arcabit","engine_update":"20210410","engine_version":"1.0.0.8 
81","method":"blacklist","result":"Backdoor.Hupigon.AAEA"},"ViRo 
bot": {"category":"undetected","engine_name":"ViRobot","engine_u 
pdate":"20210409","engine_version":"2014.3.20.0","method":"blac 
klist"},"ZoneAlarm":{"category":"undetected","engine_name":"Zone 
Alarm","engine_update":"20210410","engine_version":"1.0","meth 
od":"blacklist"},"Avast-Mobile":{"category":"type- 
unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210409","engine_version":"210409- 
00","method":"blacklist"},"Microsoft":{"category":"malicious","engin
e_name":"Microsoft","engine_update":"20210410","engine_versio
n":"1.1.18000.5","method":"blacklist","result":"TrojanDownloader:
Win32/Injector.gen!W"},"Cynet":{"category":"malicious","engine_n
ame":"Cynet","engine_update":"20210410","engine_version":"4.0. 
0.27","method":"blacklist","result":"Malicious (Score: 
100)"},"BitDefenderFalx":{"category":"type-
unsupported","engine_name":"BitDefenderFalx","engine_update":"
20200916","engine_version":"2.0.936","method":"blacklist"},"AhnL
ab-V3":{"category":"malicious","engine_name":"AhnLab-
V3","engine_update":"20210410","engine_version":"3.19.7.10132"
,"method":"blacklist","result":"Trojan/Win32.Banload.R39122"},"Acr
onis":{"category": "malicious", "engine_name":"Acronis","engine_up 
date":"20210211","engine_version":"1.1.1.81","method":"blacklist", 
"result":"suspicious"},"VBA32":{"category": "malicious" ,"engine_na 
me":"VBA32","engine_update":"20210409","engine_version":"5.0. 
0","method":"blacklist","result":"BScope.Trojan-
Spy.Zbot"},"ALYac":{"category":"failure","engine_name":"ALYac","
engine_update":"20210410","engine_version":"1.1.3.1","method":" 
blacklist"},"MAX":{"category":"malicious","engine_name":"MAX","e 
ngine_update":"20210410","engine_version":"2019.9.16.1","metho
d":"blacklist","result":"malware (ai 
score\u003d85)"},"Malwarebytes":{"category":"malicious","engine_ 
name":"Malwarebytes","engine_update":"20210410" "engine_versi 
on":"4.2.1.18","method":"blacklist","result":"Malware.AI.146652490
0"},"Zoner":{"category":"undetected","engine_name":"Zoner","engi
ne_update":"20210409","engine_version":"0.0.0.0","method":"blac
klist"},"TrendMicro-
HouseCall":{"category":"undetected","engine_name":"TrendMicro-
HouseCall","engine_update":"20210410","engine_version":"10.0.0
.1040","method":"blacklist"},"Rising":{"category":"malicious","engin
e_name":"Rising","engine_update":"20210410","engine_version":"
25.0.0.26","method":"blacklist","result":"Downloader.Injector!8.89D
(RDMK:cmRtazoEWX3fJKdhCAnpwdeU1C5U)"},"Yandex":{"categ 
ory":"undetected","engine_name":"Yandex","engine_update":"202 
10409","engine_version":"5.5.2.24","method":"blacklist"},"Ikarus":{" 
category”: "malicious","engine_name":"Ikarus","engine_update":"2 
0210409","engine_version":"0.1.5.2","method":"blacklist","result":" 
Trojan-
Downloader.Win32.Small"},"MaxSecure":{"category":"undetected",
"engine_name":"MaxSecure","engine_update":"20210409","engin
eC. version": PIO "method": “blacklist’}, "Fortinet":{"category":"m 
alicious","engine_name":"Fortinet","engine_update":"20210410","e
ngine_version":"6.2.142.0","method":"blacklist","result":"W32/Delf.
NJH!tr.dldr"},"Webroot":{"category":"undetected","engine_name":"
Webroot","engine_update":"20210410","engine_version":"1.0.0.40
3","method":"blacklist"},"AVG":{"category":"malicious","engine_na
me":"AVG","engine_update":"20210410","engine_version":"21.1.5
827.0","method":"blacklist","result":"Win32:Hupigon-HBV
[Trj]"},"Panda":{"category":"malicious","engine_name":"Panda","en
gine_update":"20210410","engine_version":"4.6.4.2","method":"bla
cklist","result":"Trj/Genetic.gen"},"CrowdStrike":{"category":"malici
ous","engine_name":"CrowdStrike","engine_update":"20210203","
confidence_80% (D)"},"Qihoo- 
360":{"category":"malicious","engine_name":"Qihoo- 
360","engine_update":"20210410","engine_version":"1.0.0.1120"," 
method":"blacklist","result":"HEUR/QVM05.1.7D67.Malware.Gen"}
},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":1,"harmless":0,"malicious":49,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":20},"last_modification_date":"161813 
6174","last_submission_date":"1618045895","md5":"437133b795d
024e4ad8177e8090729a9","meaningful_name":"0.0.0.0.0.exe","n
ames":["0.0.0.0.0.exe"],"reputation":"0","sha1":"p539aabtdb2b6412
8a45de691e2185b7ddaab744","sha256":"a882cea7addb1d379c8
b55148b9e51646983620b2fb9366573a113c76a347672","sigma_
analysis_stats":{"critical":"4","high":"0","low":"0","medium":"0"},"sig 
ma_analysis_summary":{"SOC Prime Threat Detection 
Marketplace":{"critical":"4","high":"0","low":"0","medium":"0"}},"size 
""90204","tags":["peexe","bobsoft","overlay","direct-cpu-clock- 
access","checks-user-input","detect-debug-environment","long- 
sleeps","runtime-
modules"],"times_submitted":"1","total_votes":{"harmless":"0","mali
cious":"0"},"type_description":"Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"0940866d 
1c0d5c0515651038z249239z104fz","authentihash":"a88144eaa47
0bc7111e216b6ccdd526742b9244190068aaa8f45327153d2f521",
"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32- 
bit","packers":{"PEiD":"BobSoft Mini Delphi -\u003e BoB / 
BobSoft"},"pe_info":{"entry_point":"76580","imphash":"5b6425a0e 
ec5b2ccec98bc5449e75d31","import_list":[{"imported_functions":[" 
RegOpenKeyExA","RegQueryValueExA","RegCloseKey"],"library_
name":"advapi32.dll"},{"imported_functions":["GetLastError","GetS
tringTypeExA","GetStdHandle","EnterCriticalSection","WriteProce
ssMemory","ReadFile","VirtualAllocEx","lstrlenA","GlobalFree","W
aitForSingleObject","FreeLibrary","QueryPerformanceCounter","C
opyFileA","GetTickCount","GetThreadLocale","GetVersionExA","G
lobalUnlock","GetModuleFileNameA","GlobalHandle","RtlUnwind",
"WinExec","CreateRemoteThread","VirtualFreeEx","DeleteCritical
Section","GetStartupInfoA","GetDateFormatA","LoadLibraryExA","
GetLocaleInfoA","LocalAlloc","OpenProcess","GlobalReAlloc","Un
handledExceptionFilter","TlsGetValue","MultiByteToWideChar","G
etLocalTime","GetCPInfo","GetCommandLineA","GetProcAddress
","SetFilePointer","GetTempPathA","RaiseException","CompareSt
ringA","CloseHandle","WideCharToMultiByte","GetDiskFreeSpace
A","GetModuleHandleA","FindFirstFileA","WriteFile","EnumCalend
arInfoA","ResetEvent","lstrcpynA","GetACP","GlobalLock","GetCur
rentThreadId","GlobalAlloc","GetFullPathNameA","SetEvent","Loc
alFree","InitializeCriticalSection","VirtualQuery","VirtualFree","Crea
teEventA","FindClose","InterlockedDecrement","Sleep","FormatMe
ssageA","SetEndOfFile","TlsSetValue","CreateFileA","ExitProcess
","GetVersion","LeaveCriticalSection","VirtualAlloc","InterlockedInc
rement"],"library_name":"kernel32.dll"},{"imported_functions":["Vari
antChangeType","SafeArrayGetLBound","SafeArrayPtrOfIndex","
SysAllocStringLen","VariantClear","SafeArrayCreate","SysReAlloc
StringLen","SafeArrayGetUBound","VariantCopy","SysFreeString",
"VariantInit"],"library_name":"oleaut32.dll"},{"imported_functions":["
GetWindowThreadProcessId","GetSystemMetrics","LoadStringA","
CharNextA","MessageBoxA","FindWindowA","GetKeyboardType",
"CharToOemA"],"library_name":"user32.dll"},{"imported_functions"
:["URLDownloadToFileA"],"library_name":"URLMON.DLL"}],"mach
ine_type":"332","overlay":{"chi2":219.65211486816406,"entropy":6
.306167125701904,"filetype":"Data","md5":"Zafbb7be2e6442db5e
2c449dbd86acf6","offset":"90112","size":"92"},"resource_details":[{
"chi2":33228.0078125,"entropy":3.050236940383911,"filetype":"A
SCII
text","lang":"NEUTRAL","sha256":"e7900b5c230215a2b52756c64
dffa94026378687a6f5d15b813db90e995de6be","type":"RT_STRI
NG"},{"chi2":38474.6875,"entropy":3.2081825733184814,"filetype"
:"ASCII
text","lang":"NEUTRAL","sha256":"3f58517198021697cb2c8d2b3
7d3b2633f11b651031cbe231320adc58e7a0ade","type":"RT_STRI
NG"},{"chi2": is 275390625,"entropy":3.028387 7849578857, "fil 
etype LPL 
text","lang":"NEUTRAL","sha256":"0567aba145ad2de8c26eb7288
ba79970348f46a67c4e03013679862900452cf0","type":"RT_STRI
NG"}, ye aes: 1796875,"entropy":3.2072367668151 855, "filet 
ype We LWwNS Cll 
text","lang":"NEUTRAL","sha256":"71333097093b700b65adf8cc6 
89d36ca26c42cb733890690aaf32f5fdcae4fia","type":"RT_STRIN 
G"},{"chi2":67329.484375,"entropy":3.2040884494781494,"filetype
":"ASCII
text","lang":"NEUTRAL","sha256":"7345b72c1eb50e698fa9c138c0
aa8485d5fb78553918f0402af7b2460bd9c6at","type":"RT_STRIN
G"},{"chi2":63521.80859375,"entropy":3.254359483718872,"filetyp
e":"ASCII
text","lang":"NEUTRAL","sha256":"d92bf729f114fd24a3447a86ca
bc8938b758da42560d1c6db16f6a85385459ef","type":"RT_STRIN
G"},{"chi2":48775.6484375,"entropy":3.184415340423584,"filetype
":"ASCII
text","lang":"NEUTRAL","sha256":"49273389801a1f2231e5dd94b
e7ba0b019b4939ff4689134e11dd0e0d9f98a04","type":"RT_STRI
NG"},{"chi2":240.0,"entropy":4.0,"filetype":"Data","lang":"NEUTRA
L","sha256":"88d1Acc6638af8a0836f6d868dfab60df92907a2d7be
caefbbd7e007acb75610","type":"RT_RCDATA"},{"chi2":2529.143
310546875,"entropy":4.8072285652160645,"filetype":"Data","lang
":"NEUTRAL","sha256":"92059f01c7db543c0794b10a08ab7a4372
9f64ed0ebc24fc0b23c6eea571bb97","type":"RT_RCDATA"}],"reso
urce_langs":{"NEUTRAL":"9"},"resource_types":{"RT_RCDATA":"
2","RT_STRING":"7"},"sections":[{"chi2":441367.31,"entropy":6.55,
"flags" ixeumcou: "b45a4fc8d574257e9cb50373439c74a"", "name": 
"CODE","raw_size":"72704","virtual_address":"4096","virtual_size"
:"72520"},{"chi2":52910.48,"entropy":4.4,"flags":"rw","md5":"c3900
dff95a4516c39e8bfe00635ded2","name":"DATA","raw_size":"1536
","virtual_address":"77824","virtual_size":"1424"},{"chi2":-
1.0,"entropy":0.0,"flags":"rw","md5":"d41d8cd98f00b204e9800998
ecf8427e","name":"BSS","raw_size":"0","virtual_address":"81920",
"virtual_size":"2173"},{"chi2":78299.52,"entropy":4.68,"flags":"rw","
md5":"0a9f421 fb32297df22092640b5c4ecé6t", "name":".idata", "raw 
_size":"3072","virtual_address":"86016","virtual_size":"2960"},{"chi
2":-1.0,"entropy":0.0,"flags":"rw","md5":"d41d8cd98f00b204e9800998
ecf8427e","name":".tls","raw_size":"0","virtual_address":"90112","v
irtual size": mule {"chi2": 123013.0,"entropy":0.27,"flags":"rs", “mds” 
":"32cb2c606b270e8823522047b2088117","name":".rdata","raw_si
Zen ON ,"virtual_address": "94208" ,"virtual_size": "24", {"chi2": 262 
75.82,"entropy":6.57,"flags":"rs","md5":"6dc99f2e8192b754df7761
484f50cb4c","name":".reloc","raw_size":"6144","virtual_address":"
98304","virtual_size":"5964"},{"chi2":408194.38,"entropy":3.4,"flag
Sasi "md5":"db33967439b97915d30db1f0581 76466", "name":".rs 
rc","raw_size":"5120","virtual_address":"106496","virtual_size":"51
20"}],"timestamp":"708992537","ssdeep":"1536:UfquQsebbn6Sxr
kLvrW419SLVUB70h18DQzRcsnk6raTM1HhGIKfbxSqtsk9m:aYH
MvK4/SvUxOh1wQzjk6raTMJhVf9Sj","trid":[{"file_type":"Win32
Executable (generic)","probability":52.9},{"file_type":"Generic 
Win/DOS Executable","probability":23.5},{"file_type":"DOS 
Executable 
Generic","probability":23.5}]},"id":"a882cea7addb1d379c8b55148b
9e51646983620b2fb9366573a113c76a347672","links":{"self":"http
s://www.virustotal.com/api/v3/files/a882cea7addb1d379c8b55148
b9e51646983620b2fb9366573a113c76a347672"},"type":"file"}
{"attributes":{"first_submission_date":"1618371451","last_analysis
_date":"1618371451","last_analysis_results":{"Bkav":{"category":"
undetected","engine_name":"Bkav","engine_update":"20210413","
engine_version":"1.3.0.9899","method":"blacklist"},"Elastic":{"categ
ory":"type-
unsupported","engine_name":"Elastic","engine_update":"2021041
4","engine_version":"4.0.20","method":"blacklist"},"MicroWorld-
eScan":{"category": "undetected", "engine_name":"MicroWorld- 
eScan","engine_update": "20210413", "engine_version":"14.0.409.0 
","method":"blacklist"},"FireEye":{"category":"undetected","engine_
name":"FireEye","engine_update":"20210414","engine_version":"3
2.44.1.0","method":"blacklist"},"CAT- 
QuickHeal": {"category":"malicious","engine_name":"CAT- 
QuickHeal","engine_update":"20210413","engine_version":"14.00" 
,"method":"blacklist","result":"Risktool.Ultrasurf"},"McAfee":{"categ
ory": "undetected","engine_name":"McAfee","engine_update":"202 
10413","engine_version":"6.0.6.653","method":"blacklist"},"Malwar 
ebytes":{"category":"malicious","engine_name":"Malwarebytes","e 
ngine_update":"20210413","engine_version":"4.2.1.18","method":" 
blacklist","result":"Malware.Heuristic.1003"},"Zillya":{"category":"un 
detected" ,"engine_name":"Zillya","engine_update":"20210413","en 
gine_ version":"2.0.0.4340","method":"blacklist"}, "SUPERAntiSpyw 
are":{"category": "undetected" ,"engine_name":"SUPERAntiSpywar 
e","engine_update":"20210409","engine_version":"5.6.0.1032","m 
ethod":"blacklist"},"Sangfor":{"category":"undetected","engine_na 
me":"Sangfor","engine_update":"20210402","engine_version":"2.9. 
0.0","method":"blacklist"},"K7AntiVirus":{"category":"undetected"," 
engine_name":"K7AntiVirus","engine_update":"20210414","engine 
_version":"11.176.36920","method":"blacklist"},"Alibaba":{"categor
y":"type-
unsupported","engine_name":"Alibaba","engine_update":"2019052 
7","engine_version":"0.3.0.5","method":"blacklist"},"K7GW":{"categ 
ory":"undetected","engine_name":"K7GW","engine_update":"2021
0413","engine_version":"11.176.36920","method":"blacklist"},"Trus 
tlook":{"category":"type- 
unsupported","engine_name":"Trustlook","engine_update":"20210 
414","engine_version":"1.0","method":"blacklist"},"BitDefenderThet 
a":{"category":"undetected","engine_name":"BitDefenderTheta","e 
ngine_update":"20210402","engine_version":"7.2.37796.0", "metho 
d":"blacklist"},"Cyren":{"category":"undetected","engine_name":"C 
yren","engine_update":"20210414","engine_version":"6.3.0.2","me 
thod":"blacklist"},"SymantecMobilelnsight":{"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"20210126","engine_version":"2.0","method":"blacklist"},"S 
ymantec":{"category":"undetected","engine_name":"Symantec","e
ngine_update":"20210413","engine_version":"1.14.0.0","method":"
blacklist"},"ESET- 
NOD32":{"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"20210413","engine_version":"23128","
method":"blacklist","result":"a variant of Win32/UltraReach.AG 
potentially 
unsafe"},"Baidu":{"category":"undetected","engine_name":"Baidu", 
"engine_update":"20190318","engine_version":"1.0.0.2", "method": 
"blacklist"},"TrendMicro-
HouseCall":{"category":"malicious","engine_name":"TrendMicro- 
HouseCall","engine_update":"20210413","engine_version":"10.0.0 
.1040","method":"blacklist","result":"HackTool.Win32.ULTRASURF 
-AA"},"Avast":{"category":"undetected","engine_name":"Avast","en
gine_update":"20210414","engine_version":"21.1.5827.0", "method 
":"blacklist"},"ClamAV":{"category":"malicious","engine_name":"Cla
mAV","engine_update":"20210413","engine_version":"0.103.2.0"," 
method":"blacklist","result":"Win.Malware.Agent-6366401- 
0"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersk
y","engine_update":"20210413","engine_version":"21.0.1.45","met 
hod":"blacklist","result":"Trojan- 
FakeAV.Win32.XpAntivirus.znl"},"BitDefender":{"category":"undete 
cted","engine_name":"BitDefender","engine_update":"20210414"," 
engine_version":"7.2","method":"blacklist"},"NANO-
Antivirus":{"category":"malicious","engine_name":"NANO-
Antivirus","engine_update":"20210413","engine_version":"1.0.146.
25279","method":"blacklist","result":"Riskware.Win32.UltraSurf.eut
qax"},"Paloalto":{"category":"type-
unsupported","engine_name":"Paloalto","engine_update":"202104 
14","engine_version":"1.0","method":"blacklist"},"AegisLab":{"categ 
ory":"malicious","engine_name":"AegisLab","engine_update":"202 
10414","engine_version":"4.2","method":"blacklist","result":"Trojan. 
Win32. XpAntivirus. clc"}, "APEX": {"category":"type- 
unsupported","engine_name":"APEX","engine_update":"20210413
","engine_version":"6.152","method":"blacklist"},"Tencent":{"catego
ry":"malicious","engine_name":"Tencent","engine_update":"20210
414","engine_version":"1.0.0.1","method":"blacklist","result":"Win3
2.Trojan-fakeav.Xpantivirus.Tdfx"},"Ad-
Aware":{"category":"undetected","engine_name":"Ad- 
Aware","engine_update":"20210414","engine_version":"3.0.16.117 
","method":"blacklist"},"Sophos":{"category":"undetected","engine_
name":"Sophos","engine_update":"20210414","engine_version":"1
.0.2.0","method":"blacklist"},"Comodo":{"category":"malicious","eng
ine_name":"Comodo","engine_update":"20210413","engine_versio
n":"33436","method": "blacklist", "result": "Malware@#3dv7byz8ahgf 
ay, "F-Secure" :{"category": "undetected," ‘engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5
2","method":"blacklist"},"DrWeb":{"category":"malicious","engine_n
ame":"DrWeb","engine_update":"20210414","engine_version":"7.0
.49.9080","method":"blacklist", "result": "Trojan. Siggent 2. 51 Vea 
VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_ 
update”: "20210413","engine_ version": EOS ey "method":"blacklist” 
,"result":"UltraSurf (fs) (not 
malicious)"},"TrendMicro":{"category":"malicious","engine_name":"
TrendMicro","engine_update":"20210330","engine_version":"11.0.
0.1006","method":"blacklist","result":"HackTool.Win32.ULTRASUR
F.AA"},"McAfee-GW- 
Edition":{"category":"undetected","engine_name":"McAfee-GW-
Edition","engine_update":"20210413","engine_version":"v2019.1.2
+3728","method":"blacklist"},"SentinelOne":{"category":"type-
unsupported", "engine_name":"SentinelOne","engine_update":"202 
10215","engine_version":"5.0.0.20","method":"blacklist"},"Trapmin 
e":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{"
category":"undetected","engine_name":"CMC","engine_update":"2
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"E 
msisoft":{"category":"undetected","engine_name":"Emsisoft","engi 
ne_update":"20210414","engine_version":"2018.12.0.1641","meth
od":"blacklist"},"Ikarus":{"category":"undetected","engine_name":"I
karus","engine_update":"20210413","engine_version":"0.1.5.2","m
ethod":"blacklist"},"GData":{"category":"undetected","engine_name
":"GData","engine_update":"20210414","engine_version":"A:25.29
314B:27.22648","method":"blacklist"},"Jiangmin":{"category":"mali
cious","engine_name":"Jiangmin","engine_update":"20210413","e
ngine_version":"16.0.160","method":"blacklist","result":"RiskTool.U
ltraSurf.d"},"Webroot":{"category":"type- 
unsupported","engine_name":"Webroot","engine_update":"202104 
14","engine_version":"1.0.0.403","method":"blacklist"},"Avira":{"cat 
egory":"undetected","engine_name":"Avira","engine_update":"202
10414","engine_version":"8.3.3.12","method":"blacklist"},"eGambit
":{"category":"type-
unsupported","engine_name":"eGambit","engine_update":"202104 
14","method":"blacklist"},"Antiy- 
AVL": {"category":"undetected","engine_name":"Antiy- 
AVL","engine_update":"20210412","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210414","engine_version":"2017. 
9.26.565","method":"blacklist"},"Gridinsoft":{"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210413","engine_ 
version":"1.0.37.128","method":"blacklist","result":"PUP.Gen.vi!c"}, 
"Arcabit":{"category": "undetected" ,"engine_name":"Arcabit","engin 
e_update":"20210414","engine_version":"1.0.0.881","method":"bla
cklist"},"ViRobot":{"category":"undetected","engine_name":"ViRob
ot","engine_update":"20210414","engine_version":"2014.3.20.0","
method":"blacklist"},"ZoneAlarm" :{"category":"malicious","engine_ 
name":"ZoneAlarm","engine_update":"20210414","engine_version 
""1.0","method":"blacklist","result":"Trojan- 
FakeAV.Win32.XpAntivirus.znl"},"Avast-Mobile":{"category":"type- 
unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210413","engine_version":"210413-
02","method":"blacklist"},"Microsoft":{"category":"malicious","engin
e_name":"Microsoft","engine_update":"20210414","engine_versio
n":"1.1.18000.5","method":"blacklist","result":"PUA:Win32/Preseno
ker"},"Cynet":{"category":"undetected","engine_name":"Cynet","en
gine_update":"20210412","engine_version":"4.0.0.27","method":"bl
acklist"},"BitDefenderFalx":{"category":"type-
unsupported","engine_name":"BitDefenderFalx","engine_update":"
20200916","engine_version":"2.0.936","method":"blacklist"},"AhnL
ab-V3":{"category":"undetected","engine_name":"AhnLab-
V3","engine_update":"20210414","engine_version":"3.19.7.10132"
,"method":"blacklist"},"Acronis":{"category":"type- 
unsupported","engine_name":"Acronis","engine_update":"2021021 
1","engine_version":"1.1.1.81","method":"blacklist"},"VBA32":{"cat 
egory":"malicious","engine_name":"VBA32","engine_update":"202 
10413","engine_version":"5.0.0","method":"blacklist","result":"BSc
ope.Trojan.Downloader"},"ALYac":{"category":"undetected","engin
e_name":"ALYac","engine_update":"20210414","engine_version":"
1.1.3.1","method":"blacklist"},"MAX":{"category":"undetected","engi
ne_name":"MAX","engine_update":"20210414","engine_version":"
2019.9.16.1","method":"blacklist"},"Cylance":{"category":"type-
unsupported","engine_name":"Cylance","engine_update":"202104
14","engine_version":"2.3.1.101", "method": "blacklist"},"Zoner":{"ca 
tegory":"undetected","engine_name":"Zoner","engine_update":"20 
210413","engine_version":"0.0.0.0","method":"blacklist"},"Rising":{
"category":"malicious","engine_name":"Rising","engine_update":"2
0210413","engine_version":"25.0.0.26","method":"blacklist","result
":"Trojan.XpAntivirus!8.4DD8
(CLOUD)"},"Yandex":{"category":"undetected","engine_name":"Ya 
ndex","engine_update":"20210413","engine_version":"5.5.2.24","m
ethod":"blacklist"},"TACHYON":{"category":"undetected","engine_
name":"TACHYON","engine_update":"20210414","engine_version
":"2021-04-
14.01","method":"blacklist"},"MaxSecure":{"category":"undetected"
,"engine_name":"MaxSecure","engine_| update": fer poneae Net id 
e_version":"1.0.0.1","method":"blacklist"},"Fortinet":{"category":"m
alicious","engine_name":"Fortinet","engine_update":"20210414","e
ngine_version":"6.2.142.0","method":"blacklist","result":"Riskware/
UltraReach"},"Cybereason":{"category":"type-
unsupported","engine_name":"Cybereason","engine_update":"202 
10330","engine_version":"1.2.449","method":"blacklist"},"Panda":{" 
category":"undetected","engine_name":"Panda","engine_update":" 
20210413","engine_version":"4.6.4.2","method":"blacklist"},"Crowd
Strike":{"category":"type-
unsupported","engine_name":"CrowdStrike","engine_update":"202
10203","engine_version":"1.0","method":"blacklist"},"Qihoo-
360":{"category":"undetected","engine_name":"Qihoo-
360","engine_update":"20210414","engine_version":"1.0.0.1120","
method":"blacklist"}},"last_analysis_stats":{"confirmed-
timeout":0,"failure":0,"harmless":0,"malicious":20,"suspicious":0,"ti 
meout":0,"type- 
unsupported":16,"undetected":38},"last_modification_date":"16184 
61893","last_submission_date":"1618371451","md5":"ccedd7791¢c 
95863a475666ff7331d783","reputation":"0","sha1":"1ddOff4ef65a6 
1864d3256344d9ebd97423d052a","sha256":"095c601b8da5634b
7633cdb7ed039dfb5cd4eb19e076c119d0a0abb84bec90e7","size"
:"14526997","tags":["rar"],"times_submitted":"1","total_votes":{"har 
mless":"0","malicious":"0"},"type_description":"RAR","type_tag":"ra
r","unique_sources":"1","vhash":"b9a64e7e9241cf9080d3188882F
184af","bundle_info":{"extensions":{"txt":"1","exe":"3"},"file_types":{
"unknown":"1","Portable
Executable":"3"},"highest_datetime":"2018-01-21
14:37:04","lowest_datetime":"2017-05-10
18:29:04","num_children":"4","type":"RAR","uncompressed_size":"
14748175"},"magic":"RAR archive data, v1d, os:
Win32","ssdeep":"196608:7GMbafeJX/x70Lu1Netv2cvPnj8KFhAz/
XmcaHjyhyTaraNeXbCtwqnPmarg7n4N:VrxhOLuituGr8Mhs/2caD 
qcp+atTau4c","trid":[{"file_type":"RAR compressed archive (v- 
4.x)","probability":58.3},{"file_type":"RAR compressed archive 
(gen)","probability":41.6}]},"id":"095c601b8da5634b7633cdb7ed03
9dfb5cd4eb19e076c119d0a0abb84bec90e7","links":{"self":"https://
www.virustotal.com/api/v3/files/095c601b8da5634b7633cdb7ed03
9dfb5cd4eb19e076c119d0a0abb84bec90e7"},"type":"file"}
{"attributes":{"creation_date":"1208605751","first_submission_date
":"1618289267","last_analysis_date":"1618289267","last_analysis
_results":{"Bkav":{"category":"malicious","engine_name":"Bkav","e
ngine_update":"20210412","engine_version":"1.3.0.9899","method
":"blacklist","result":"W32.AIDetect.malware1"},"Elastic":{"category
":"malicious","engine_name":"Elastic","engine_update":"20210407
","engine_version":"4.0.19","method":"blacklist","result":"malicious
(high 
confidence)"},"DrWeb":{"category":"malicious","engine_name":"Dr 
Web","engine_update":"20210413","engine_ version":"7.0.49.9080 
""method":"blacklist","result":"Trojan.Click3.29339"},"MicroWorld- 
eScan" :{"category":"malicious","engine_name":"MicroWorld- 
eScan","engine_update":"20210413","engine_version":"14.0.409.0 
""method":"blacklist","result":"Dropped:Generic.Malware.S!prn!.60 
827FC6"}, "FireEye": {"category": "malicious","engine_name":"FireE 
ye","engine_update":"20210413","engine_version":"32.44.1.0","me 
thod":"blacklist","result":"Generic.mg.ea2782c91524a64f"}, "CAT: 
QuickHeal":{"category":"undetected","engine_name":"CAT- 
QuickHeal","engine_update":"20210412","engine_version":"14.00" 
,"method":"blacklist"},"ALYac":{"category":"malicious","engine_na 
me": "ALYac","engine_update":"20210413","engine_version":"1.1.3 
-1","method":"blacklist","result":"Dropped: Generic.Malware.S!prn!. 
60827FC6"}, "Cylance":{"category":"malicious","engine_name":"Cyl 
ance","engine_update":"20210413","engine_version":"2.3.1.101", iy 
method": "blacklist","result": "Unsafe"}, "VIPRE":{"category": "malicio 
us","engine_name":"VIPRE","engine_update":"20210413","engine 
“version”: "91790","method":"blacklist’, "result": "Trojan. Win32.Gen 
eric|BT"}, "SUPERAntiSpyware": {"category":"undetected","engine_ 
name":"SUPERAntiSpyware","engine_update":"20210409","engin 
e version":"5.6.0.1032","method":"blacklist"},"Sangfor":{"category" 
““malicious","engine_ name": "Sangfor","engine_update":"20210402 
","engine_version":"2.9.0.0","method":"blacklist","result":"Trojan. Wi 
n32.Save.a"},"K7AntiVirus": {"category": "malicious" ,"engine_name" 
:"K7AntiVirus","engine_update":"20210413","engine_version":"11. 
176.36907", "method": "placklist","result": "Trojan ( 000fdb5d1 
vite "Alibaba": {"category": "undetected" ,"engine_name":"Alibaba","e 
ngine_update":"20190527","engine_version":"0.3.0.5", "method":"bl 
acklist"},"K7GW":{"category":"malicious","engine_name":"K7GW"," 
engine_update":"20210412","engine_version":"11.176.36906", "me 
thod":"blacklist","result":"Trojan ( O00fdb5d1 
ale "Cybereason" :{"category":"malicious","engine_name":"Cyberea 
son","engine_update":"20210330","engine_version":"1.2.449","met 
hod":"blacklist","result":"malicious. 91 524a"}, "BitDefenderTheta’": {uc 
ategory":"malicious","engine_name":"BitDefenderTheta","engine_ 
update":"20210402","engine_version":"7.2.37796.0", "method":"bla 
cklist","result":"Al:Packer.9AA990F61E"},"Cyren":{"category":"mali 
cious", "engine_name":"Cyren","engine_update":"20210413","engi 
ne_version":"6.3.0.2","method":"blacklist","result":"W32/Agent.CG 
R.gen!Eldorado"}, "SymantecMobilelnsight": {"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"20210126","engine_version":"2.0","method":"blacklist"},"S 
ymantec":{"category":"malicious","engine_name":"Symantec","eng 
ine_update":"20210413","engine_version":"1.14.0.0","method":"bla 
cklist","result":"ML.Attribute. HighConfidence"}, "ESET- 
NOD32": {"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"20210413","engine_version":"23123"," 
method":"blacklist","result":"a variant of 
Win32/Agent. SNX"}, "APEX":{"category":"malicious","engine_name 
""APEX","engine_update":"20210404","engine_version":"6.151"," 
method":"blacklist","result":"Malicious"},"Avast":{"category":"malici 
ous","engine_| name": "Avast","engine_update":"20210413","engine 
_version":"21.1.5827.0","method":"blacklist","result":"Win32:Trojan 


gen'}, "ClamAV":{"category":"malicious","engine_name":"ClamAV", 
"engine_update":"20210412", "engine_version":"0.1 03.2.0","metho 
d":"blacklist","result":"Win. Trojan.Generic-9831620- 
0"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersk 
y","engine_update":"20210413","engine_version":"21.0.1.45","met 
hod":"blacklist","result":"HEUR:Trojan- 
Dropper.Win32.Agent.gen"},"BitDefender" :{"category":"malicious", 
"engine_name":"BitDefender","engine_update":"20210413","engin 
e_version":"7.2","method": "blacklist", "result":"Dropped: Generic.Ma 
lware. S!pm!. 60827FC6"}, "NANO- 

Antivirus" {" ‘category":"malicious","engine_name":"NANO- 
Antivirus","engine_update":"2021 0413","engine_version":"1 0.146. 
25279","method": "blacklist","result":"Trojan.Win32.Clicker. eapdee 
},"Paloalto":{"category": "undetected" ,"engine_name":"Paloalto","e 
gine_update":"20210413","engine_version":"1.0","methoa": "blackli 


gine_update":"20210413","engine_version":"1.0","method":"blackli 
st"},"AegisLab":{"category":"undetected","engine_name":"AegisLa 
b","engine_update":"20210413","engine_version":"4.2","method":" 
blacklist"}, "Rising":{"category":"malicious","engine_| name": "Rising", 
"engine_update":"20210412","engine_version":"25.0.0.26","metho 
d":"blacklist","result":"Trojan.Kryptik!1.D30B 
(RDMK: cmRtazpBgBA6RIIDDINCO2APnJ/2)"}, "Ad- 
Aware":{"category":"malicious","engine_name":"Ad- 
Aware", “engine_ update": "20210413", "engine_version":"3.0.16.117 
","method":"blacklist","result":"Dropped:Generic.Malware.S!prn!.60 
827FC6'"},"Trustlook":{"category":"type- 
unsupported","engine_name":"Trustlook","engine_update":"2021 0 
413","engine_version":"1.0","method":"blacklist"},"Emsisoft":{"cate 
gory":"malicious","engine_name":"Emsisoft","engine_update":"202 
10413","engine_| version":"2018.12.0. 1641", “method”: "blacklist","re 
sult": "Dropped: Generic.Malware.S!prn!. 60827FC6 
(B )"},"Comodo":{"category":"malicious","engine_name":"Comodo", 
"engine_update":"20210412","engine_version":"33433","method":" 
blacklist","result": "Packed.Win32.MUPX.Gen@24tbus"},"F- 
Secure" {"category": "undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
Oe "method": "blacklist"},"Baidu":{"category":"undetected","engine_ 
name":"Baidu" ,"engine_update":"20190318","engine_version":"1.0 
.0.2","method":"blacklist"},"Zillya":{"category":"malicious","engine_ 
name": "Zillya", “engine_ update": "20210412","engine_version":"2.0. 
0.4338","method":"blacklist","result":" Dropper.Agent.Win32.44397 
ale "TrendMicro”: {"category": "undetected","engine_name":"Trend 
Micro","engine_| update": "20210330","engine_version":"11.0.0.100 
6","method":"blacklist"},"McAfee- GW- 
Edition": {"category": "malicious","engine_name":"McAfee-GW- 
Edition","engine_update": "20210412", "engine_version":"v2019.1.2 
+3728", "method": "blacklist","result": "BehavesLike.Win32.Generic. 
om"},"Trapmine"{"category”:"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{" 
category":"undetected","engine_name":"CMC","engine_update":"2 
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"malicious","engine_name":"Sophos","engine_u 
pdate":"20210413" "engine_version":"4 .0.2.0","method":"blacklist", 
"result":"ML/PE-A + Troj/Agent- 
BGMW'"}, "SentinelOne": {"category":"malicious","engine_name":"S 
entinelOne","engine_update":"20210215", "engine_version":"5.0.0. 
20K "method": "blacklist","result":"Static Al - Malicious 
PE"y, "GData":{"category":"malicious","engine_name":"GData","en 
gine_update":"20210413","engine_version":"A:25.29305B:27. 2263 
8","method":"blacklist","result":"Dropped:Generic.Malware.S!prn!.6 
0827FC6"}, "Jiangmin":{"category":"malicious","engine_name":"Jia 
ngmin","engine_update":"20210412","engine_version":"16.0.100"," 
method": "blacklist","result": "Trojan/Genome. cae"}, "eGambit": {"cat 
egory":"malicious","engine_name":"eGambit","engine_update":"20 
210413", "method": “blacklist”, "result":"Unsafe.Al | Score_99%"},"Av 
ira":{"category":"malicious",' ‘engine_ name":"Avira","engine_update 
""20210413","engine_| version":"8.3.3. 12","method":"blacklist","res 
ult":"TR/Dropper.Gen"},"MAX": "category": "malicious","engine_na 
me":"MAX","engine_update":"20210413","engine_' version”:"2019.9 
ake "method": "blacklist","result": "malware (ai 
score\u003d81 )"}, "Antiy- 
AVL":{"category":"malicious","engine_name":"Antiy- 
AVL","engine_update": "20210412" ,"engine_version":"3.0.0.1","met 
hod": "blacklist", “result”: "Trojan/Win3e2. Genome"}, "Kingsoft": {"categ 
ory" '-"undetected"," ‘engine_name":"Kingsoft","engine_update":"202 
10413","engine_' version":"2017.9.26. 565s. "method": "blacklist"}, "Gr 
idinsoft": {"category":"malicious","engine_ name": "Gridinsoft","engin 
e_update":"20210413", "engine_version™:"1 LORS /all2 One "method":"bl 
acklist","result":"Trojan Heur!.0301 2029"},"Arcabit": {"category": "m 
alicious","engine_name":"Arcabit","engine_update":"20210413","e 
ngine_version":"1.0.0.881 " *method"."blacklist""result"="Generi¢.M 
alware.S!prn!.60827FC6"},"ViRobot":{"category"."undetected","en 
gine_name":"ViRobot","engine_update":"20210412","engine_versi 
on":"2014.3.20.0", "method": "blacklist"},"ZoneAlarm": ("category": a 
malicious", "engine _ name":"ZoneAlarm","engine_update":"202104 
ie engine_version":"1 .0","method":"blacklist","result":"HEUR:Troj 
an.Win32. Generic’}, "Avast- Mobile". {"category":"type- 
unsupported","engine_name":"Avast- 
Mobile", "engine update":"20210412","engine_version":"210412- 
00", "method": "blacklist"}, "Microsoft" :{"category":"malicious","engin 
e_name":"Microsoft","engine_update":"20210413","engine_versio 
n":"1.1.18000.5", "method": "placklist","result":"Trojan:Win32/Cryptl 


ww 


n":"1.1.18000.5","method":"blacklist","result":"Trojan:Win32/Cryptl 
nject.SD!MTB"},"Cynet":{"category":"malicious","engine_name":"C 
ynet","engine_update":"20210412","engine_version":"4.0.0.27","m 
ethod":"blacklist","result":"Malicious (score: 
100)"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916" "engine version":"2.0.936", "method": “blacklist"}, "AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"20210413","engine_version":"3.19.7.10132" 
,"method":"blacklist","result":"Malware/Gen.RL_Reputation.R3659 
85"), "Acronis": {"category”: "malicious","engine_name":"Acronis","e 
ngine_update":"20210211" “"engine_version": “ALallelle 81", "method":" 
blacklist","result":"suspicious"},"McAfee":{"category": "malicious", "e 
ngine_name":"McAfee","engine_update":"20210413","engine_vers 
ion":"6.0.6.653","method":"blacklist”,"result":"GenericRXNT- 
WUIEA2782C91524"},"TACHYON":{"category":"undetected","engi 
ne_name":"TACHYON","engine_update":"20210413","engine_ver 
sion":"2021-04- 
13.01","method":"blacklist"},"VBA32":{"category":"malicious","engi 
ne_name":"VBA32","engine_update":"2021 041 2","engine_version" 
:"5.0.0","method":"blacklist","result":"Trojan.Genome.vg"},"Malwar 
ebytes":{"category": "malicious" ,"engine_name":"Malwarebytes","e 
ngine_update":"20210410","engine_version":"4.2.1.18","method":" 
blackiist","result":"Malware.Al.1457429129"},"Zoner"{"category":" 
undetected","engine_name":"Zoner","engine_update"."2021 0412", 
"engine_version":"0.0.0.0","method":"blacklist"},"TrendMicro- 
HouseCall": {' 'category": "malicious","engine_name":"TrendMicro- 
HouseCall","engine_update":"20210413","engine_version":"10.0.0 
al 040","method”: "placklist","result":"TROJ_GEN.RO3BCODDA21"}, 
"Tencent":{"category":"malicious","engine_name":"Tencent","engin 
e_update":"20210413","engine__ version":"1.0.0. 1","method": “blackl 
ist","result":"Malware. Win32.Gencirc. 10ce3d97"}, "Yandex": {"categ 
ory": "malicious", “engine_| name":"Yandex" "engine_| update":"20210 
409","engine_version":"5.5.2.24","method":"blacklist","result":"Troj 
an. AgentlosR2LRL2IxU"}, "Ikarus": {"category": "malicious", "engine_ 
name":"Ikarus","engine_ update”: "20210412","engine_version":"0.1 
poe ous "method": "blacklist", “result”: "Trojan.Win32.Genome"},"MaxS 
ecure":{"category": "malicious", ‘engine_name":"MaxSecure","engin 
e_update":"20210412", "engine. version":"1.0.0.1","method": “blackl 
ist","result":"Trojan.Malware.121218. susgen'}, "Fortinet" :{" ‘category 
ms "malicious", "engine_name":"Fortinet","engine_update":"2021041 
3","engine_version":"6.2.1 42.0","method":"blacklist","result":"W32/ 
Agent.SNXitr"},"Webroot"{"category":"undetected","engine_name" 
:"Webroot","engine_update":"20210413","engine_version":"1.0.0.4 
03","method":"blacklist"},"AVG":{"category":"malicious","engine_na 
me":"AVG","engine_update":"20210413","engine_version":"21.1.5 
827.0","method":"blacklist","result":"Win32:Trojan- 
gen"}, "Panda" :{"category": "malicious", "engine_name":"Panda", 
gine_update":"20210412","engine_' version":"4.6.4. 2","method": bla 
cklist","result": "Tri/Genetic. gen"},"CrowdStrike" category": "malici 
ous", "engine _| name":"CrowdSirike","engine_update":"20210203"," 
engine_version":"1.0","method":"blacklist","result":"win/malicious _ 
confidence_100% (W)"},"Qihoo- 
360":{"category":"undetected","engine_name":"Qihoo- 
360","engine_update":"20210413","engine_version":"1.0.0.1120"," 
method":"blacklist’}},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":55,"Suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":15},"last_modification_date":"161842 
5149","last_submission_date":"1618289267","md5":"ea2782c9152 
4a64f05b1b867ffd0bb84","meaningful_name":"ea2782c91524a64f 
05b1b867ffd0bb84.virus","names":["ea2782c91524a64f05b1b867f 
fd0bb84.virus"],"reputation":"0","sha1":"d5e68449152a592f8cca95 
f5c2d2ba69 1bd9ad4b","sha256":"a23c44799e8274270cd2664ac9 
Srnec 7461 f4f13e4625e0886c1 2df1 1 28a3","size":"203359","ta 
s":["peexe","overlay","direct-cpu-clock-access","runtime- 
modules" ies submitied™="| ""total_votes":{"harmless":"0","mali 
cious":"0"},"type_| description”: "Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"02504e1f 
7d1d1038z101bfz1 3z3f2", "guthentihash":"e0382e 1 2a2c6503fd4d0 
a534e645a21b21301d31829'375da2f9a3cf2b891 34","magic":"PE 
32 executable for MS Windows (GUI) Intel 80386 32- 
bit","packers": {"PEiD": "MingWin32 GCC 
3.x"},"pe_info":{"entry_point":"4672" »"imphash": "a9192bab5c7c795 
c7488b69a1 853f9c2","import_list":[{"imported_functions":["RegOp 
enKeyExA","RegSetValueExA", "RegCloseKey’, ‘library_name". "A 
DVAPI32.DLL"},{"imported_functions":["ShellExecuteA"],"library_n 
ame":"SHELL32.DLL"},{"imported_functions": i'GetAtomNameA™ ‘ 
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ame":"SHELL32.DLL"},{"imported_functions":["GetAtomNameA"," 
Sleep","CreateThread","GetStartupInfoA","AddAtomA","FindFirstFi 
leA","SetUnhandledExceptionFilter","FindAtomA","CopyFileA","Exi 
tProcess","CloseHandle","FindNextFileA","GetCommandLineA","G 
etModuleFileNameA","GetSystemDirectoryA","GetModuleHandleA 
"),"library_name": "KERNEL32. UL. {imported _ functions":[" 
fmode","malloc","__p__environ","fread","fclose","strcat","atexit","a 
bort","fprintf", "flush" ,"fopen","strlen","_cexit","fwrite","fseek" uate 
xi tae "tell", "exit","sprintt", "rand", “free","_ ~_getmainargs", "signal’,"_se 
tmode","__set_app_type","stremp","_iob","library_name":"msvert. 
dil"},{"imported_ functions":["SendMessageA","SefWindowTextA"," 
eee ee "library_name":"USER32.dll"}],"machine 
type":"332","overlay":{"chi2":1241322.0,"entropy":5.48938083648 
6816 "filetype": "Data","md5": "ab89bf750c7c43d0fdb91 79ab5tfe5e 
b","offset":"32768","size":"170591 "},"sections" [{"chi2":4099144.0," 
entropy":2.18," 'flags": "rwx","md5":"1 Oeb43a6d8dd2735a6d0d5a05 
5e13c7a", "name": "UPXO", "raw size":"26112","virtual_address":"4 
096","virtual_size":"28672"},{"chi2":4256.5, "entropy" :7.62,"flags":"r 
wx","md5":"9da38a157b3a284924 135ec920392bc7","name":"UPX 
ilies "Taw size":"4096","virtual_address":"32768", "virtual |_size":"4096 
aN {"chi2": 54487.0,"entropy":2.82,"flags":"rw", "md5":"72cc1ec621 1 
d759c56b56eeb0e1 1ba31","name":"UPX2", "raw size":"512","virtu 
al_address":"36864", "virtual |_size":"4096"}, {"chi2": 55468. 0,"entrop 
y"x 3.75,"flags":"rw", "md5":"2b8d3c0a1 60d68f8bbcdc0b1 ff0a31 e5", 
"name":".imports", “raw _size":"1024","virtual_address":"40960", "virt 
ual_size":"4096"}],"timestamp":"1208605751"},"ssdeep":"3072:UE 
u86X+LyKpVFRqPdUX+gDJyegJBIvZHcHc:UX8VLyKpVFRqPdU 
X+gDJyegJBIvZHcHc", "trid":[{"file_type":"Win32 Executable MS 
Visual C++ (generic)","probability":31.5},{"file_type":"UPX 
compressed Win32 
Executable","probability":27.3},{"file_type":"Microsoft Visual C++ 
compiled executable 
(generic)","probability":16.6},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":6.6},{"file_type":"Win16 NE 
executable 
(generic)","probability":5.0}]},"id":"a23c44799e8274270cd2664ac9 
a3c5abel 7461 f4f1 3e4625e0886c1 2dfl 128a3","links":{"self":"https 
‘//www.virustotal.com/api/v3/files/a23c44799e8274270cd2664ac9 
a3c5abe1 7461 f4f1 3e4625e0886c1 2dfl 128a3"},"type":"file"} 
{"attributes": {
  "creation_date": "1521750900",
  "first_submission_date": "1618393438",
  "last_analysis_date": "1618393438",
  "last_analysis_results": {
    "Bkav": {"category": "malicious", "engine_name": "Bkav", "engine_update": "20210413", "engine_version": "1.3.0.9899", "method": "blacklist", "result": "W32.AIDetect.malware1"},
    "Elastic": {"category": "malicious", "engine_name": "Elastic", "engine_update": "20210414", "engine_version": "4.0.20", "method": "blacklist", "result": "malicious (high confidence)"},
    "MicroWorld-eScan": {"category": "malicious", "engine_name": "MicroWorld-eScan", "engine_update": "20210414", "engine_version": "14.0.409.0", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "CMC": {"category": "undetected", "engine_name": "CMC", "engine_update": "20210327", "engine_version": "2.10.2019.1", "method": "blacklist"},
    "CAT-QuickHeal": {"category": "malicious", "engine_name": "CAT-QuickHeal", "engine_update": "20210414", "engine_version": "14.00", "method": "blacklist", "result": "Trojan.CobaltStrk.S19453618"},
    "McAfee": {"category": "malicious", "engine_name": "McAfee", "engine_update": "20210414", "engine_version": "6.0.6.653", "method": "blacklist", "result": "GenericRXLR-FS!5EA2286EFBD3"},
    "Cylance": {"category": "malicious", "engine_name": "Cylance", "engine_update": "20210414", "engine_version": "2.3.1.101", "method": "blacklist", "result": "Unsafe"},
    "Zillya": {"category": "malicious", "engine_name": "Zillya", "engine_update": "20210413", "engine_version": "2.0.0.4340", "method": "blacklist", "result": "Trojan.Rozena.Win32.117174"},
    "SUPERAntiSpyware": {"category": "undetected", "engine_name": "SUPERAntiSpyware", "engine_update": "20210409", "engine_version": "5.6.0.1032", "method": "blacklist"},
    "Sangfor": {"category": "malicious", "engine_name": "Sangfor", "engine_update": "20210402", "engine_version": "2.9.0.0", "method": "blacklist", "result": "Trojan.Win32.Save.a"},
    "K7AntiVirus": {"category": "malicious", "engine_name": "K7AntiVirus", "engine_update": "20210414", "engine_version": "11.176.36921", "method": "blacklist", "result": "Trojan ( 00520fd01 )"},
    "Alibaba": {"category": "undetected", "engine_name": "Alibaba", "engine_update": "20190527", "engine_version": "0.3.0.5", "method": "blacklist"},
    "K7GW": {"category": "malicious", "engine_name": "K7GW", "engine_update": "20210414", "engine_version": "11.176.36921", "method": "blacklist", "result": "Trojan ( 00520fd01 )"},
    "CrowdStrike": {"category": "malicious", "engine_name": "CrowdStrike", "engine_update": "20210203", "engine_version": "1.0", "method": "blacklist", "result": "win/malicious_confidence_90% (D)"},
    "Baidu": {"category": "undetected", "engine_name": "Baidu", "engine_update": "20190318", "engine_version": "1.0.0.2", "method": "blacklist"},
    "Cyren": {"category": "malicious", "engine_name": "Cyren", "engine_update": "20210414", "engine_version": "6.3.0.2", "method": "blacklist", "result": "W32/Rozena.AD.gen!Eldorado"},
    "SymantecMobileInsight": {"category": "type-unsupported", "engine_name": "SymantecMobileInsight", "engine_update": "20210126", "engine_version": "2.0", "method": "blacklist"},
    "Symantec": {"category": "malicious", "engine_name": "Symantec", "engine_update": "20210414", "engine_version": "1.14.0.0", "method": "blacklist", "result": "Backdoor.Rozena"},
    "ESET-NOD32": {"category": "malicious", "engine_name": "ESET-NOD32", "engine_update": "20210414", "engine_version": "23130", "method": "blacklist", "result": "a variant of Win32/Rozena.WZ"},
    "APEX": {"category": "malicious", "engine_name": "APEX", "engine_update": "20210413", "engine_version": "6.152", "method": "blacklist", "result": "Malicious"},
    "Avast": {"category": "malicious", "engine_name": "Avast", "engine_update": "20210414", "engine_version": "21.1.5827.0", "method": "blacklist", "result": "Win32:HacktoolX-gen [Trj]"},
    "ClamAV": {"category": "undetected", "engine_name": "ClamAV", "engine_update": "20210413", "engine_version": "0.103.2.0", "method": "blacklist"},
    "Kaspersky": {"category": "malicious", "engine_name": "Kaspersky", "engine_update": "20210414", "engine_version": "21.0.1.45", "method": "blacklist", "result": "HEUR:Trojan.Win32.CobaltStrike.gen"},
    "BitDefender": {"category": "malicious", "engine_name": "BitDefender", "engine_update": "20210414", "engine_version": "7.2", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "NANO-Antivirus": {"category": "malicious", "engine_name": "NANO-Antivirus", "engine_update": "20210414", "engine_version": "1.0.146.PasyTiey", "method": "blacklist", "result": "Virus.Win32.Gen-Crypt.ccnc"},
    "Paloalto": {"category": "undetected", "engine_name": "Paloalto", "engine_update": "20210414", "engine_version": "1.0", "method": "blacklist"},
    "ViRobot": {"category": "undetected", "engine_name": "ViRobot", "engine_update": "20210414", "engine_version": "2014.3.20.0", "method": "blacklist"},
    "Tencent": {"category": "undetected", "engine_name": "Tencent", "engine_update": "20210414", "engine_version": "1.0.0.1", "method": "blacklist"},
    "Ad-Aware": {"category": "malicious", "engine_name": "Ad-Aware", "engine_update": "20210414", "engine_version": "3.0.16.117", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "Trustlook": {"category": "type-unsupported", "engine_name": "Trustlook", "engine_update": "20210414", "engine_version": "1.0", "method": "blacklist"},
    "Sophos": {"category": "malicious", "engine_name": "Sophos", "engine_update": "20210414", "engine_version": "1.0.2.0", "method": "blacklist", "result": "ML/PE-A + ATK/Cobalt-AH"},
    "Comodo": {"category": "malicious", "engine_name": "Comodo", "engine_update": "20210414", "engine_version": "33437", "method": "blacklist", "result": "TrojWare.Win32.Kryptik.BYGK@59ple7"},
    "F-Secure": {"category": "undetected", "engine_name": "F-Secure", "engine_update": "20210331", "engine_version": "12.0.86.52", "method": "blacklist"},
    "DrWeb": {"category": "malicious", "engine_name": "DrWeb", "engine_update": "20210414", "engine_version": "7.0.49.9080", "method": "blacklist", "result": "Trojan.Siggen6.51060"},
    "VIPRE": {"category": "malicious", "engine_name": "VIPRE", "engine_update": "20210414", "engine_version": "91820", "method": "blacklist", "result": "Trojan.Win32.Generic!BT"},
    "TrendMicro": {"category": "malicious", "engine_name": "TrendMicro", "engine_update": "20210330", "engine_version": "11.0.0.1006", "method": "blacklist", "result": "Backdoor.Win32.COBEACON.SMC"},
    "McAfee-GW-Edition": {"category": "malicious", "engine_name": "McAfee-GW-Edition", "engine_update": "20210414", "engine_version": "v2019.1.2+3728", "method": "blacklist", "result": "BehavesLike.Win32.Generic.ache"},
    "Trapmine": {"category": "type-unsupported", "engine_name": "Trapmine", "engine_update": "20200727", "engine_version": "3.5.0.1023", "method": "blacklist"},
    "FireEye": {"category": "malicious", "engine_name": "FireEye", "engine_update": "20210414", "engine_version": "32.44.1.0", "method": "blacklist", "result": "Generic.mg.5ea2286efbd352ad"},
    "Emsisoft": {"category": "malicious", "engine_name": "Emsisoft", "engine_update": "20210414", "engine_version": "2018.12.0.1641", "method": "blacklist", "result": "Trojan.Agent.DDSN (B)"},
    "SentinelOne": {"category": "malicious", "engine_name": "SentinelOne", "engine_update": "20210215", "engine_version": "5.0.0.20", "method": "blacklist", "result": "Static AI - Malicious PE"},
    "GData": {"category": "malicious", "engine_name": "GData", "engine_update": "20210414", "engine_version": "A:25.29316B:27.29653", "method": "blacklist", "result": "Win32.Trojan.Mexec.B"},
    "Jiangmin": {"category": "malicious", "engine_name": "Jiangmin", "engine_update": "20210413", "engine_version": "16.0.100", "method": "blacklist", "result": "Trojan.Cometer.ayd"},
    "eGambit": {"category": "malicious", "engine_name": "eGambit", "engine_update": "20210414", "method": "blacklist", "result": "Unsafe.AI_Score_86%"},
    "Avira": {"category": "malicious", "engine_name": "Avira", "engine_update": "20210414", "engine_version": "8.3.3.12", "method": "blacklist", "result": "TR/Crypt.XPACK.Gen"},
    "MAX": {"category": "malicious", "engine_name": "MAX", "engine_update": "20210414", "engine_version": "2019.9.16.1", "method": "blacklist", "result": "malware (ai score=88)"},
    "Antiy-AVL": {"category": "undetected", "engine_name": "Antiy-AVL", "engine_update": "20210412", "engine_version": "3.0.0.1", "method": "blacklist"},
    "Kingsoft": {"category": "undetected", "engine_name": "Kingsoft", "engine_update": "20210414", "engine_version": "2017.9.26.565", "method": "blacklist"},
    "Gridinsoft": {"category": "malicious", "engine_name": "Gridinsoft", "engine_update": "20210414", "engine_version": "1.0.37.128", "method": "blacklist", "result": "Trojan.Win32.Agent.vb!s1"},
    "Arcabit": {"category": "malicious", "engine_name": "Arcabit", "engine_update": "20210414", "engine_version": "1.0.0.881", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "AegisLab": {"category": "undetected", "engine_name": "AegisLab", "engine_update": "20210414", "engine_version": "4.2", "method": "blacklist"},
    "ZoneAlarm": {"category": "malicious", "engine_name": "ZoneAlarm", "engine_update": "20210414", "engine_version": "1.0", "method": "blacklist", "result": "HEUR:Trojan.Win32.CobaltStrike.gen"},
    "Avast-Mobile": {"category": "type-unsupported", "engine_name": "Avast-Mobile", "engine_update": "20210414", "engine_version": "210414-00", "method": "blacklist"},
    "Microsoft": {"category": "malicious", "engine_name": "Microsoft", "engine_update": "20210414", "engine_version": "1.1.18000.5", "method": "blacklist", "result": "HackTool:Win32/CobaltStrike.A"},
    "Cynet": {"category": "malicious", "engine_name": "Cynet", "engine_update": "20210412", "engine_version": "4.0.0.27", "method": "blacklist", "result": "Malicious (score: 100)"},
    "BitDefenderFalx": {"category": "type-unsupported", "engine_name": "BitDefenderFalx", "engine_update": "20200916", "engine_version": "2.0.936", "method": "blacklist"},
    "AhnLab-V3": {"category": "malicious", "engine_name": "AhnLab-V3", "engine_update": "20210414", "engine_version": "3.19.7.10132", "method": "blacklist", "result": "Trojan/Win32.CobaltStrike.C4183270"},
    "Acronis": {"category": "undetected", "engine_name": "Acronis", "engine_update": "20210211", "engine_version": "1.1.1.81", "method": "blacklist"},
    "BitDefenderTheta": {"category": "malicious", "engine_name": "BitDefenderTheta", "engine_update": "20210402", "engine_version": "7.2.37796.0", "method": "blacklist", "result": "AI:Packer.BB2E3B421E"},
    "ALYac": {"category": "malicious", "engine_name": "ALYac", "engine_update": "20210414", "engine_version": "1.1.3.1", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "TACHYON": {"category": "malicious", "engine_name": "TACHYON", "engine_update": "20210414", "engine_version": "2021-04-14.02", "method": "blacklist", "result": "Trojan/W32.CobaltStrike.225792"},
    "VBA32": {"category": "malicious", "engine_name": "VBA32", "engine_update": "20210414", "engine_version": "5.0.0", "method": "blacklist", "result": "Trojan.CobaltStrike"},
    "Malwarebytes": {"category": "malicious", "engine_name": "Malwarebytes", "engine_update": "20210413", "engine_version": "4.2.1.18", "method": "blacklist", "result": "Generic.Trojan.Malicious.DDS"},
    "Zoner": {"category": "malicious", "engine_name": "Zoner", "engine_update": "20210413", "engine_version": "0.0.0.0", "method": "blacklist", "result": "Trojan.Win32.69381"},
    "TrendMicro-HouseCall": {"category": "malicious", "engine_name": "TrendMicro-HouseCall", "engine_update": "20210414", "engine_version": "10.0.0.1040", "method": "blacklist", "result": "Backdoor.Win32.COBEACON.SMC"},
    "Rising": {"category": "malicious", "engine_name": "Rising", "engine_update": "20210414", "engine_version": "25.0.0.26", "method": "blacklist", "result": "Malware.Heuristic!ET#100% (RDMK:cmRtazps7WnO0+4KVx92D8s/jZJJp)"},
    "Yandex": {"category": "malicious", "engine_name": "Yandex", "engine_update": "20210413", "engine_version": "5.5.2.24", "method": "blacklist", "result": "Trojan.GenAsa!zvVdoDjE9iw"},
    "Ikarus": {"category": "malicious", "engine_name": "Ikarus", "engine_update": "20210414", "engine_version": "0.1.5.2", "method": "blacklist", "result": "Trojan.Win32.Swrort"},
    "MaxSecure": {"category": "malicious", "engine_name": "MaxSecure", "engine_update": "20210414", "engine_version": "1.0.0.1", "method": "blacklist", "result": "Trojan.Malware.300983.susgen"},
    "Fortinet": {"category": "malicious", "engine_name": "Fortinet", "engine_update": "20210414", "engine_version": "6.2.142.0", "method": "blacklist", "result": "W32/Rozena.WZ!tr"},
    "Webroot": {"category": "undetected", "engine_name": "Webroot", "engine_update": "20210414", "engine_version": "1.0.0.403", "method": "blacklist"},
    "AVG": {"category": "malicious", "engine_name": "AVG", "engine_update": "20210414", "engine_version": "21.1.5827.0", "method": "blacklist", "result": "Win32:HacktoolX-gen [Trj]"},
    "Panda": {"category": "undetected", "engine_name": "Panda", "engine_update": "20210413", "engine_version": "4.6.4.2", "method": "blacklist"},
    "Qihoo-360": {"category": "malicious", "engine_name": "Qihoo-360", "engine_update": "20210414", "engine_version": "1.0.0.1120", "method": "blacklist", "result": "HEUR/QVM19.1.9411.Malware.Gen"}
  },
  "last_analysis_stats": {"confirmed-timeout": 0, "failure": 0, "harmless": 0, "malicious": 54, "suspicious": 0, "timeout": 0, "type-unsupported": 5, "undetected": 15},
  "last_modification_date": "1618485637",
  "last_submission_date": "1618393438",
  "md5": "5ea2286efbd352adfaf3f86af935ac5f",
  "meaningful_name": "cobaltstrike_shellcode.exe",
  "names": ["cobaltstrike_shellcode.exe"],
  "reputation": "0",
  "sha1": "6e7bc8ea3218e5354491c565ac25db8779340528",
  "sha256": "5c6f22baab3c51231c211e25428f3b33f30800fd97e7140bd6b0bc4fee82bcab",
  "size": "225792",
  "tags": ["peexe", "direct-cpu-clock-access", "checks-network-adapters", "long-sleeps", "runtime-modules"],
  "times_submitted": "1",
  "total_votes": {"harmless": "0", "malicious": "0"},
  "type_description": "Win32 EXE",
  "type_tag": "peexe",
  "unique_sources": "1",
  "vhash": "0250875d151c0d1d1d1e7az1a1c=z",
  "authentihash": "865431fc60508d19ef84cd3df7deeecf65e1a899cf62154a324e198a6af5f7c5",
  "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
  "pe_info": {
    "entry_point": "36864",
    "imphash": "829da329ce140d873b4a8bde2cbfaa7e",
    "import_list": [
      {"imported_functions": ["GetLastError", "EnterCriticalSection", "LoadLibraryW", "FreeLibrary", "QueryPerformanceCounter", "GetTickCount", "VirtualProtect", "LoadLibraryA", "DeleteCriticalSection", "GetCurrentProcess", "GetCurrentProcessId", "UnhandledExceptionFilter", "GetProcAddress", "CreateThread", "GetModuleHandleA", "SetUnhandledExceptionFilter", "GetStartupInfoA", "GetSystemTimeAsFileTime", "TerminateProcess", "InitializeCriticalSection", "VirtualQuery", "TlsGetValue", "Sleep", "GetCurrentThreadId", "VirtualAlloc", "LeaveCriticalSection"], "library_name": "KERNEL32.dll"},
      {"imported_functions": ["strncmp", "__lconv_init", "malloc", "__dllonexit", "_cexit", "abort", "fprintf", "_fmode", "_amsg_exit", "fwrite", "_lock", "_onexit", "__initenv", "exit", "__setusermatherr", "_acmdln", "_unlock", "free", "vfprintf", "__getmainargs", "calloc", "strlen", "_winmajor", "memcpy", "signal", "_initterm", "__set_app_type", "_iob"], "library_name": "msvcrt.dll"}
    ],
    "machine_type": "332",
    "sections": [
      {"chi2": 89507.74, "entropy": 5.83, "flags": "rx", "md5": "0bc7c2f2db333e5778e909890d9e8894", "name": ".text", "raw_size": "7168", "virtual_address": "4096", "virtual_size": "6852"},
      {"chi2": 188014.75, "entropy": 2.56, "flags": "rw", "md5": "9d60a3432aa5f4951049c77a5dc197bb", "name": ".data", "raw_size": "2048", "virtual_address": "12288", "virtual_size": "1572"},
      {"chi2": 37294.0, "entropy": "5An3", "flags": "r", "md5": "77eb2142360efdb76ccae3251d953fba", "name": ".rdata", "raw_size": "1024", "virtual_address": "16384", "virtual_size": "720"},
      {"chi2": -1.0, "entropy": 0.0, "flags": "rw", "md5": "d41d8cd98f00b204e9800998ecf8427e", "name": ".bss", "raw_size": "0", "virtual_address": "20480", "virtual_size": "1052"},
      {"chi2": 110674.25, "entropy": 4.13, "flags": "rw", "md5": "33dd26a9f00ba3b34a7a6b2ae3e68881", "name": ".idata", "raw_size": "2048", "virtual_address": "24576", "virtual_size": "1584"},
      {"chi2": 123016.0, "entropy": 0.27, "flags": "rw", "md5": "0c2ac70a2303ea6ede115718b8aca665", "name": ".CRT", "raw_size": "512", "virtual_address": "28672", "virtual_size": "52"},
      {"chi2": 124501.0, "entropy": 0.22, "flags": "rw", "md5": "f0b2f655a2d41a7ed1460a18df87b605", "name": ".tls", "raw_size": "512", "virtual_address": "32768", "virtual_size": "32"},
      {"chi2": 11591.27, "entropy": 7.97, "flags": "rwx", "md5": "e0073f300d2c855b84c5765783e2cca9", "name": ".gqbx", "raw_size": "211456", "virtual_address": "36864", "virtual_size": "211184"}
    ],
    "timestamp": "1521750900"
  },
  "ssdeep": "6144:n77P1bUNqJDOUZU2TIqsN2WIW+6PMK6IDk:n77P1NJ4UzFXW2WIW+6PLDKk",
  "trid": [
    {"file_type": "Win32 Executable MS Visual C++ (generic)", "probability": 38.7},
    {"file_type": "Microsoft Visual C++ compiled executable (generic)", "probability": 20.5},
    {"file_type": "Win64 Executable (generic)", "probability": 13.0},
    {"file_type": "Win32 Dynamic Link Library (generic)", "probability": 8.1},
    {"file_type": "Win16 NE executable (generic)", "probability": 6.2}
  ]
}, "id": "5c6f22baab3c51231c211e25428f3b33f30800fd97e7140bd6b0bc4fee82bcab", "links": {"self": "https://www.virustotal.com/api/v3/files/5c6f22baab3c51231c211e25428f3b33f30800fd97e7140bd6b0bc4fee82bcab"}, "type": "file"}
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{"attributes":{"first_submission_date":"1614663346","last_analysis 


_date":"1614678515","last_analysis_results":{"Bkav":{"category":" 


undetected","engine_name":"Bkav","engine_update":"20210301"," 
engine_version":"1.3.0.9899","method":"blacklist"},"Elastic":{"categ 
ory":"malicious","engine_name":"Elastic","engine_update":"20210 
217","engine_version":"4.0.17","method":"blacklist","result":"malici 
ous (high confidence)"},"MicroWorld- 
eScan" -{"category": "undetected","engine_name":"MicroWorld- 
eScan","engine_update": "20210302", “engine_ version": nee 0.409.0 
% "method": "blacklist"},"FireEye":{"category":"undetected","engine_ 
name": "FireEye","engine_update":"20210302","engine__ version":"3 
2.44.1.0","method": “blacklist’}, "CAT- 
QuickHeal":(' ‘category":"undetected","engine_name":"CAT- 
QuickHeal","engine_update": "20210302" “engine version": "14.00" 
,"method": "blacklist’}, "McAfee":{"category":"malicious","engine_na 
me": "McAfee","engine_update":"20210302", "engine_version":"6.0. 
6.653", "method": "blacklist", "result": "ArtemisIOEESAE54A4D 1 "},"Cy 
lance":{"category":"malicious","engine_name":"Cylance","engine_ 
update":"20210302","engine_ version":"2.3.1. Oia "method":"blackl 
ist","result": "Unsate"}, "Zillya":{"category": "undetected" ,"engine_na 
me":' ‘Zillya","engine_update":"20210228","engine_version":"2.0.0. 
4305", "method": "blacklist"}, "SUPERAntiSpyware": {"category":"und 
etected" ,"engine_name":"SUPERAntiSpyware","engine_update":" 
20210226","engine_version":"5.6.0.1032", "method": "placklist"},"Sa 
ngfor":{"category":"malicious" "engine _ name": "Sangfor","engine_u 
pdate": "20210301","engine_version":"2.9.0.0","method":"blacklist", 
"result":"Trojan.Win32.Save. a’}, "Trustlook": {' 'category": "undetecte 
d","engine_name":"Trustlook","engine_| update": "20210302","engin 
e_version":"1.0","method": "blacklist"}, "Alibaba" :{"category":"malici 
ous","engine_name":"Alibaba","engine_update":"20190527","engi 
ne version": BORS:OF Su" "method": "blacklist","result":"Trojan:Win32/st 
arter.ali1000139"}, "K7GW": {"category": "undetected" ,"engine_nam 
e":"K7GW","engine_update":"20210302","engine_version":"11.167 
36576", "method":"blacklist"},"K7AntiVirus":{"category":"undetecte 
d","engine_name":"K7AntiVirus","engine_update":"2021 0302","en 
gine_version":"11.167.36575","method":"blacklist"},"Arcabit":{"cate 
gory":"undetected","engine_name":"Arcabit","engine_update":"202 
10302","engine_version":"1.0.0.881","method":"blacklist"},"BitDefe 
nderTheta": {"category":"undetected","engine_name":"BitDefender 
Theta","engine_update":"20210223","engine_version":"7.2.37796. 
0", "method": "blacklist"}, "Cyren":{"category":"malicious","engine_na 
me":"Cyren","engine_update":"20210302","engine_version":"6.3.0. 
2" "method":"blacklist","result":"W32/Bulz.AE.gen!Eldorado"},"Sym 
antecMobileInsight”: i category”: "type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"2021 0126" ,"engine_version":"2.0","method":"blacklist"},"S 
ymantec" {"category":"undetected" "engine name":"Symantec","e 
ngine_update":"20210302","engine_version":"1.14.0.0", "method" os 
blacklist"},"TotalDefense":{"category":"undetected" "engine. name" 
:"TotalDefense","engine_update":"20210302","engine_version":"3 
Vall dey "method": "blacklist"},"Baidu":{"category":"undetected","e 
ngine_| name": "Baidu","engine_| update": "20190318","engine_versio 
n":"1.0.0.2","method":"blacklist"},"TrendMicro- 
HouseCall" i ‘category":"undetected","engine_name":"TrendMicro- 
HouseCall","engine_| update":"20210302","engine_version":"10.0.0 
1040", "method": "placklist"},"Avast":{"category":"undetected" ‘engi 
ne_| name":"Avast" ,"engine_update":"20210301","engine_version": 
"21.1.5827.0","method":"blacklist"},"ClamAV":{"category":"undetec 
ted" "engine_name": "ClamAV","engine_update":"20210301","engi 
ne_version":"0.103.1.0","method":"blacklist"},"Kaspersky":{"catego 
ry":"malicious","engine_name":"Kaspersky","engine_update":"202 
10302","engine_version":"15.0.1.13","method":"blacklist","result":" 
HEUR:Trojan- 
PSW.MSIL.Agensla.gen"},"BitDefender":{"category":"undetected"," 
engine_name":"BitDefender","engine_update":"20210302","engine 
version": "7.2" ,"method":"blacklist"},"NANO- 
Antivirus" {"category": "undetected","engine_name":"NANO- 
Antivirus"," ‘engine _ update":"20210302","engine_ version": "1.0.146. 
25261", "method": ‘blacklist"},"Paloalto":{"category":"type 
unsupported","engine_name":"Paloalto", "engine_update":"202103 
02","engine_version":"1.0","method": "blacklist"}, "ViRobot":{"catego 
ry":"undetected","engine_name":"ViRobot","engine_update":"2021 
0302", “engine_' version":"2014.3.20.0", "method": "blacklist"},"APEX 
"{"category":"type- 
unsupported","engine_name":"APEX","engine_update":"20210301 
= "engine _| version":"6.138", "method": "blacklist"},"Ad- 
Aware":{"category": "undetected"," ‘engine_name":" 
Aware","engine_update": "20210302", "engine _ version”: HHO AIG IZ 


Aware","engine_update":"20210302","engine_version":"3.0.16.117 
""method":"blacklist"},"TACHYON":{"category":"undetected","engi 
ne_name":"TACHYON","engine_update":"20210302","engine_ver 
sion":"2021 -03- 
02.02","method":"blacklist"},"Emsisoft":{"category":"undetected","e 
ngine_name":"Emsisoft","engine_update":"20210302","engine_ver 
sion":"2018.12.0.1641","method":"blacklist"}, "Comodo": {"category" 
:"undetected","engine_name":"Comodo","engine_update":"202103 
02" “"engine_' version”: "33307","method": "blacklist’?, dS 
Secure":{"category":"undetected","engine_name":" 
Secure","engine_update":"20210302","engine_' version":"12.0.86.5 
2","method": “blacklist"}, "DrWeb":{"category":"undetected", “engine 
_name":' '‘DrWeb","engine_update":"20210302","engine_| version":" 
7.0.49.9080", "method": "blacklist"},"VIPRE":{"category":"undetecte 
d","engine_| name": "VIPRE","engine_update":"20210302","engine_ 
version":"90786","method":"blacklist"}, "TrendMicro": {"category":"u 
ndetected" "engine name":"TrendMicro","engine_update":"202103 
02","engine_version":"11.0. 0.1006","method":"blacklist"}," McAfee- 
GW-Edition”: {"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update":"20210302","engine_version":"v2019.1.2 
+3728","method":"blacklist","result”: "Artemis! Trojan"},' ‘Trapmine":{ 
"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023" ."method":"blacklist"},"CMC"{" 
category”: "undetected","engine_name":"CMC","engine_update":"2 
0210228","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"undetected","engine_name":"Sophos","engine_ 
update":"20210301","engine_version":"1.0.2.0","method":"blacklist 
"\."SentinelOne":{"category":"malicious","engine_name":"Sentinel 
One","engine_update":"20210215","engine_version":"5.0.0.20","m 
ethod":"blacklist","result":"Static Al - Malicious Archive"},"Avast- 
Mobile":{"category":"undetected","engine_name":"Avast- 
Mobile","engine_update":"2021 0302", "engine_version":"21 0302- 
02","method":"blacklist"},"Jiangmin" {"category":"undetectea","engi 
ne_name":"Jiangmin","engine_update":"20210301","engine_\ versio 
n":"16.0.100", "method": "blacklist’}, "Webroot": {"category":"type- 
ineupeencaes ‘engine_name":"Webroot","engine_update":"202103 
02","engine__ version":"1.0.0. 403", "method": "blacklist"},"Avira":{"cat 
egory":"malicious","engine_| name":"Avira" ,"engine_update":"20210 
302","engine_version":"8.3.3.10","method":"blacklist","result":"TR/ 
AD.AgentTesla.dzcsr"},"eGambit":{"category":"type- 
unsupported","engine_name":"eGambit","engine_update":"202103 
02","method":"blacklist"},"Antiy- 
AVL": {"category":"undetected","engine_name":"Antiy- 
AVL","engine_update":"20210302","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210302","engine_version":"2017. 
9.26.565","method":"blacklist"},"Gridinsoft":{"category":"undetecte 
d" "engine _| name":"Gridinsoft","engine_update":"2021 0302","engin 
e_version":"1.0.30.121","method":"blacklist"},"Microsoft":{"categor 
y":"malicious","engine_ name": "Microsoft","engine_update":"20210 
302","engine_version":"1.1.1 7800.5","method":"blacklist", "result":" 
Trojan: Win32/Woreflint.A!cl"},"AegisLab":{"category":"undetected", 
"engine_name":"AegisLab","engine_update":"20210302","engine_ 
version":"4.2","method":"blacklist"},"ZoneAlarm":{"category":"malici 
ous","engine_name":"ZoneAlarm","engine_update":"20210302","e 
ngine_version":"1.0","method":"blacklist", "result "HEUR: Trojan- 
PSW.MSIL.Agensla.gen"},"GData":{"category":"undetected",' ‘engi 
ne_name":"GData","engine_update":"20210302","engine__ version" 
"A125. 28832B: PT PO Te "method": “blacklist’}, "Cynet":{"category" 
:"undetected","engine_name":"Cynet","engine_update":"20210302 
""engine_| version”: "4.0.0.25", "method": "blacklist"},"BitDefenderFal 
x":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916" "engine _ version": "2. 0.936", "method": "blacklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"2021 0302","engine_version":"3.1 9.5.10130" 
“"method"."blacklist","result"."Trojan/Win32.Kryptik.R368738"},"Acr 
onis":{"category":"type- 
unsupported","engine_name":"Acronis","engine_update":"2021021 
1","engine_version":"1.1.1.81", "method": "blacklist"},"VBA32":{"cat 
egory":"undetected","engine_name":"VBA32","engine_update":"20 
210302" "engine _| version": "4.4. 1", "method": "placklist"}, "ALYac":{"c 
ategory":"failure","engine_name":"ALYac","engine_update":"20210 
302", "engine_version":"1 alleen ""method":"blacklist’},"MAX"{"cate 
gory": "undetected","engine_name":"MAX","engine_update"."2021 
0302","engine_version":"2019.9.16.1","method":"blacklist"},"Malwa 
rebytes":{"category":"malicious" "engine. name":"Malwarebytes","e 
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rebytes":{"category":"malicious","engine_| name": "Malwarebytes", 
ngine_update": "20210302","engine_ version":"4.2.1.18", "method": ” 
blacklist","result":"Malware.Al.4143513970"},"Zoner": {"category": : 
undetected’, “engine_| name":"Zoner","engine_update":"20210301", 
"engine_version":"0.0.0.0", "method": “blacklist"},"ESET- 
NOD32":{"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"2021 0302" ,"engine_version":"22895"," 
method":"blacklist","result":"a variant of 

MSIL/Kryptik. ZVA"}, "Rising":{"category":"malicious","engine_name 
""Rising","engine_update":"20210302","engine_' version":"25.0.0.2 
6","method":"blacklist","result":"Trojan.Kryptik!8.8 

(CLOUD)"}, "Yandex":{"category":"undetected" "engine _ name":"Ya 
ndex","engine_update":"20210301","engine_version":"5.5.2.24","m 
ethod'": "blacklist"},"Ikarus":{"category":"malicious","engine_| rare”! 4 
Ikarus","engine_update":"20210302","engine_' version”:"0.1.5. oem 
ethod":"blacklist","result":"Trojan.MSIL.Spy"},"MaxSecure": Gaieg 
ory": "undetected" "engine_| name": "MaxSecure","engine_update":" 
20210302","engine_version":"1.0.0.1","method":"blacklist"},"Fortin 
et":{"category":"malicious","engine_ name": "Fortinet","engine_upda 
te": "2021 0302","engine_version":"6.2.142.0", "method": “blacklist","r zi 
esult":"Malicious_Behavior.SB"}, "Cybereason" :{"category":"type- 
unsupported","engine_name":"Cybereason","engine_update":"202 
10208","engine_version":"1.2.449" ,"method":"blacklist"},"Panda":{" 
category":"undetected","engine_name":"Panda","engine_update":" 
20210301" "engine _ version":"4.6.4. 2","method":"blacklist"},"Crowd 
Strike":{"category":"type- 
unsupported","engine_name":"CrowdStrike","engine_update":"202 
10203","engine_ version": mall 0", "method": "blacklist"}, "Qihoo- 

360": {"category”: "malicious","engine_name":"Qihoo 
360","engine_update": "20210302", "engine_' version”: pleOLOS A 2ZOe 
method": “placklist","result": "Generic/TrojanSpy. AgentTesla. HuAA 
SQAA"}},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":1,"harmless":0,"malicious":19,"Ssuspicious":0,"ti 
meout":0,"type- 
unsupported":10,"undetected":44},"last_modification_date":"16173 
44623","last_submission_date":"1614678515","md5":"010e768628 
1e9a85834bi54de6bcibfb", "meaningful__ name": "RECIEPT_98287 
392092-943.Izh","names": ["RECIEPT | 98287392092- 

943.Izh"], "reputation": "O","sha1":"126cf95936cac5521 867849195 
9Yea8bec1b81 43","sha256":"610472278d265d581 aa291792a34c7f 
chdce8e95b94c0e45e52c23c7c4a2e057","size"."508760","tags":[" 
zip"],"times_submitted":"2","total_votes":{"harmless":"0","malicious 
":"0"},"type_description": Wales ,"type_tag":"zip","unique_: sources":"2 
""vhash":"cf44c3d4ae2f66de8e84a9a315a16b63","bundle_info":{" 
extensions" :{"exe":"1"},"file_types":{"Portable 
Executable":"1"},"highest_datetime":"202 1-03-02 
01:39:38","lowest_datetime":"2021 -03-02 
01:39:38","num_children":"1","type":"ZIP","uncompressed_size":"7 
33696"},"magic":"Zip archive data, at least v2.0 to 
extract","ssdeep":"12288:L7h6rlWrDltr7F9xr4E1kjA2bIO9GW5nN 
SCf9k7j2:PhXWixcGpW5nNi7j2","trid":[{"file_type":"ZIP 
compressed 
archive","probability":80.0},{"file_type":"PrintFox/Pagefox bitmap 
(640x800)","probability":20.0}]},"id":"6f0472278d265d581aa29179 
2a34c7icbdce8e95b94c0e45e52c23c7c4a2e057","links":{"self":"ht 
tps://www.virustotal.com/api/v3/files/6f0472278d265d581aa29179 
2a34c7fcbdce8e95b94c0e45e52c23c7c4a2e057"},"type":"file"} 
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{"attributes":{"creation_date":"1521750900","first_submission_date 
""1617191038","last_analysis_date":"1617191038","last_analysis 
_results":{"Bkav":{"category":"malicious","engine_name":"Bkav","e 
ngine_update":"20210326","engine_version":"1.3.0.9899","method 
""blacklist","result":"W32.AlDetect.malware1"},"Elastic":{"category 
""malicious","engine_name":"Elastic","engine_update":"20210217 
""engine_| version":"4.0. 17","method": "blacklist", "result":"malicious 
(high confidence)"}, "MicroWorld- 
eScan" -{" ‘category":"malicious","engine_name":"MicroWorld- 
eScan","engine_update":"20210331","engine_version":"14.0.409.0 
iu "method": "blacklist","result":"Trojan.Agent.DDSN"},"FireEye":{"ca 
tegory": "malicious", "engine_name":"FireEye","engine_update":"20 
210331" "engine_version":"32.44.1 .0","method":"blacklist","result": 
"Generic.mg.7da881 59cf7de6c3"},"CAT- 
QuickHeal":{"category":"malicious","engine_name":"CAT- 
QuickHeal","engine_update": "90210331" ,"engine_version":"14.00" 
s"method":"blacklist","result": “Trojan. CobaltStrk. Sil 945361 8"},"McA 
fee" :{"category":"malicious","engine_name":"McAfee","engine_upd 
ate":"20210331" "engine_version":"6.0.6.653","method":"blacklist”, 
"result":"GenericRXLR- 
FS!7DA88159CF7D"},"Cylance":{"category":"malicious","engine _n 
ame":"Cylance","engine_update":"20210331","engine_version":"2. 
Salen Oily method": "blacklist","result": "Unsafe"}, "Zillya":{"category": 
"undetected" ,"engine_name":"Zillya","engine_update":"20210331", 
"engine_version":"2.0.0.4329","method":"blacklist"},"SUPERAntiSp 
yware":{"category":"undetected","engine_name":"SUPERAntiSpyw 
are","engine_update":"20210326","engine_version":"5.6.0.1032"," 
method":"blacklist"},"Sangfor":{"category":"malicious","engine_na 
me":"Sangfor","engine_update":"20210327","engine_version":"2.9. 
0.0", "method":"blacklist", "result":"Trojan.Win32.Save.a"},"K7AntiVi 
rus":{"category": "malicious" ,"engine_name":"K7AntiVirus","engine 
_update":"20210331","engine_version":"11.174.36785","method":" 
blacklist","result": "Trojan ( 00520fd01 
)"},"Alibaba":{"category":"undetected","engine_name":"Alibaba", 
ngine_update":"20190527","engine_version":"0.3.0.5", "method": "bl 
acklist"},"K7GW":{"category":"malicious" "engine_name":"K7GW"," 
engine_update":"20210331","engine_version":"11.174.36787","me 
thod":"blacklist","result":"Trojan ( 00520fd01 
)"),"Cybereason" :{"category":"malicious","engine_name":"Cyberea 
son","engine_update":"20210330","engine_version":"1.2.449","met 
hod":"blacklist","result”:"malicious.9cf7dc"},"Arcabit": {"category": aU 
ndetected","engine_name"."Arcabit","engine_update": 72021033)". 
ones version":"1.0.0.881","method":"blacklist"},"Baidu": "catego 
y":"undetected" "engine _ name":"Baidu","engine_| update": "201903 
#3" ,"engine_version":"1.0.0.2","method":"blacklist"},"Cyren":{"cate 
gory":"malicious","engine_name":"Cyren","engine_update":"20210 
Soile "engine_ version”: yore Oru imathoal: "blacklist","result":"W32/ 
Rozena.AD.gen!Eldorado"},"SymantecMobilelnsight":{"category”:"t 
ype- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"2021 0126" ,"engine_version":"2.0","method":"blacklist"},"S 
ymantec":{"category":"malicious", "engine_| name": "Symantec","eng 
ine_update":"20210331","engine_version":"1.14.0.0","method":"bla 
cklist","result":"Backdoor.Rozena’},"ESET- 
NOD32":{"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"20210331","engine_version":"23054"," 
method":"blacklist","result":"a variant of 
Win32/Rozena.WZ"},"APEX":{"category":"malicious","engine_nam 
e":"APEX","engine_update":"20210331","engine_version":"6.149", 
"method" "blacklist", "result": "Malicious"}, "Avast":{"category":"malici 
ous","engine_name":"Avast","engine_update":"20210331","engine 
version”: Pelee "method": "blacklist","result":"Win32:Hackt 
oolX-gen 
[Trj]"},"ClamAV":{"category":"undetected","engine_name":"ClamA 
V","engine_update":"20210330","engine_version":"0.103.1.0","met 
hod":"blacklist"},"Kaspersky":{"category":"malicious","engine_nam 
e":"Kaspersky","engine_update":"20210331","engine_version":"21. 
0.1.45","method":"blacklist","result":"HEUR:Trojan.Win32.Cometer 
.gen"},"BitDefender":{"category":"malicious","engine_name":"BitDe 
fender","engine_update":"20210331","engine_version":"7.2","meth 
od":"blacklist","result":"Trojan. Agent. DDSN"},"NANO- 
Antivirus" {"category": "malicious","engine_name":"NANO- 
Antivirus","engine_update": "20210331" ,"engine_version":"1.0.146. 
25265", "method": "blacklist","result":"Virus.Win32.Gen- 
Crypt. ccnc’}, "Paloalto" {"category": "undetected","engine_name": 
Paloalto", "engine_| update":"20210331", "engine version": "1.0","me 
thod": "blacklist"}," ‘AegisLab" "category": "undetected","engine_na 
me":"AegisLab","engine_update":"20210331 "“engine_version":"4. 


me":"AegisLab","engine_update"."2021 0331 ""engine_version"."4. 
2","method":"blacklist"},"Tencent":{"category":"undetected","engin 
e_name":"Tencent","engine_update":"20210331","engine_' version" 
"7.0.0.1","method": "blacklist"}, "Ad- 
Aware" "category": "malicious","engine_name":"Ad- 
Aware","engine_update":"2021 0331 ","engine_version":"3.0.16.117 
""method":"blacklist","result":"Trojan.Agent. DDSN"},"Trustlook":{"c 
ategory":"type- 
unsupported","engine_name"."Trustlook","engine_update":"20210 
331","engine_version":"1.0","method":"blacklist"},"TACHYON":{"ca 
tegory": "malicious","engine_name":"TACHYON","engine_update": 
"20210331" engine_version":"2021 -03- 
31.02","method":"blacklist","result":"Trojan/W32.Agent.224256.LE" 
},"Sophos":{"category":"malicious","engine_name":"Sophos","engi 
ne_update":"20210331","engine_version":"1.0.2.0","method":"blac 
klist","result":"ML/PE-A + ATK/Cobalt- 
AH"}, "Comodo":{"category":"malicious","engine_name":"Comodo", 
"engine_update":"20210330","engine_version":"33394","method":" 
blacklist","result": "TrojWare.Win32.Kryptik.BYGK@59ple7"},"F- 
Secure" {"category": "undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2s "method": "blacklist"},"DrWeb":{"category":"malicious","engine_n 
ame":"DrWeb" ,"engine_update":"20210331","engine_ version":"7.0 
-49.9080","method":"blacklist","result":"Trojan.Siggen6.51060"},"VI 
inl=r {"category": "undetected","engine_name":"VIPRE","engine_u 
pdate":"20210331","engine_version":"91484","method":"blacklist"}, 
"TrendMicro":{"category":"malicious","engine_name":"TrendMicro" 
,"engine_update":"20210330","engine_version":"11.0.0.1006","met 
hod’ olackiist’, "result" "Backdoor Win32.COBEACON.SMC"),"Mc 
Afee 
Edition":{"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update": "20210331", "engine_version":"v2019.1.2 
+3728", "method": "blacklist","result": "BehavesLike.Win32.Generic. 
dc"},"Trapmine":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
ete "engine_| version": "3. 5.0.1023", "method": “blacklist’}, "CMC":{" 
category":"undetected","engine_name":"CMC","engine_update":"2 
0210327","engine_' version":"2.10.2019. ill "method": "blacklist"},"E 
msisoft":{"category":"malicious","engine_| name": "Emsisoft","engine 
_update":"20210331","engine_version":"2018.12.0.1641", "method" 
"blacklist","result": "Trojan. Agent.DDSN 
(B)"},"IKarus":{"category":"malicious","engine_name":"Ikarus","engi 
ne_update":"20210331","engine_' version":"0.1.5. 2","method": “blac 
klist","result":"Trojan.Win32.Swrort"},"Avast- 
Mobile":{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210331","engine_version":"210331- 
00", "method": "blacklist"},"Jiangmin": "category": "malicious","engin 
e_name":"Jiangmin","engine_update":"20210331","engine_version 
"""16.0.100","method":"blacklist","result": "Trojan. Cometer. ayd"}, "e 
Gambit":{"category":"malicious","engine_name":"eGambit","engine 
_update":"20210331","method": “blacklist”, “result":"Unsafe.Al | Scor 
e 56%"},"Avira": {"category": "malicious", "engine _ name":"Avira","en 
gine_update":"20210331","engine_version":"8.3.3.12", "method":"bl 
acklist","result": "TR/Crypt.XPACK.Gen"},"Antiy- 
AVL": {"category": "undetected","engine_name":"Antiy- 
AVL","engine_update":"20210331","engine_version":"3.0.0.1","met 
hod": "blacklist’}, "Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210331","engine_version":"2017. 
9. 26.565","method": “blacklist"},"Gridinsoft":{"category":"malicious", 
"engine_name":"Gridinsoft" ,"engine_| update":"20210331","engine_ 
version":"1.0.34.125","method":"blacklist","result":"Trojan.Win32.A 
gent.vb!s1"}, "Microsoft": {"category":"malicious","engine_name":"Mi 
crosoft","engine_update":"20210331" "engine_version"""1 .1.17900 
.7","method":"blacklist" "result": HackTool:Win32/CobaltStrike.A"}, 
"viRobot”: {"category":"undetected","engine_name":"ViRobot","eng 
ine_update":"20210331","engine_version":"2014.3.20.0","method": 
"blacklist"}, "ZoneAlarm" "category": "malicious","engine_name":"Z 
oneAlarm","engine_update":"20210331","engine_version":"1.0","m 
ethod": "blacklist", "result":"HEUR: Trojan. Win32.CobaltStrike. gen " 
"GData":{"category":"malicious","engine_name":"GData","engine_ 
update":"20210331","engine_| version":"A:25.29161B:27. 22487","m 
ethod":"blacklist","result":"Win32.Trojan.Mexec.B"},"Cynet": Geaiag 
ory": "malicious","engine_name":"Cynet","engine_update":"2021 03 
30","engine_version":"4.0.0.25","method":"blacklist","result":"Malici 
ous (score: 100)"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916","engine_version":"2.0.936", "method": "placklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
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ab- V3": {"category":"malicious","engine_name":"AhnLab- 
V3","engine_update": "20210331","engine_version":"3.19.7.10132" 
,"method":"blacklist”, "result":"Trojan/Win32.CobaltStrike.C418327 
0"},"Acronis":{"category":"undetected", “engine_| name":"Acronis","e 
ngine_update":"20210211","engine_version":"1.1.1.81", "method":" 
blacklist"},"BitDefenderTheta":{"category":"malicious","engine_na 
me":"BitDefenderTheta","engine_update":"2021 0330" ,"engine_ver 
sion":"7.2.37796.0","method":"blacklist","result":"Al:Packer.204793 
981E"},"ALYac": "category": "malicious","engine_name":"ALYac","” 
engine_update":"20210331","engine_version":"1.1.3.1","method":" 
blacklist","result": "Trojan.Agent.DDSN"},"MAX":{"category":"malici 
ous","engine_name": "MAX","engine_update"."2021 0331","engine 
version":"2019.9.16. 1","method":"blacklist","result":"malware (ai 
score\u003d80)"}, "VBA32": {"category":"malicious","engine_name": 
"VBA32","engine_update":"20210330","engine_' version":"5.0.0","m 
ethod":"blacklist","result":"Trojan.CobaltStrike"},"Malwarebytes":{"c 
ategory": "malicious", "engine_name":"Malwarebytes","engine_upd 
ate":"20210330","engine_version":"4.2.1.18","method":"blacklist","r 
esult":"Generic. Trojan.Malicious. DDS"},"Zoner":{"category":"malici 
ous","engine_name":"Zoner","engine_| update": "20210330","engine 
“version”: "0.0.0.0","method":"blacklist","result":"Trojan.Win32.693 
81"},"TrendMicro- 
HouseCall": {"category": malicious","engine_name":"TrendMicro- 
HouseCall","engine_update":"2021 0331","engine_version":"1 0.0.0 
al 040","method”:"blacklist”,"result":"Backdoor.Win32.COBEACON. 
SMC"},"Rising":{"category":"malicious","engine_name":"Rising","e 
ngine_update":"20210331","engine_version":"25.0.0.26", "method": 
"placklist","result":"Malware.Heuristic!ET#100% 
(RDMK:cmRtazqergayNsEbImuuouLHBIUv)"},"Yandex":{"category 
""malicious","engine_name":"Yandex","engine_update":"2021033 
0","engine_' version":"5.5.2. 24" "method":"blacklist","result":"Trojan. 
GenAsalzvVdoDjE9iw"}, "SentinelOne": {"category":"malicious","en 
gine_name":"SentinelOne","engine_update":"20210215" "engine _ 
version":"5.0.0.20","method":"blacklist","result":"Static Al - 
Malicious 
PE"}, "MaxSecure": {"category":"malicious","engine_name":"MaxSe 
cure","engine_update":"20210331" "engine_version":"1 .0.0.1","me 
thod": "blacklist","result":"Trojan.Malware.300983.susgen"}," Fortine 
t":{"category": "malicious" ,"engine_name":"Fortinet","engine_updat 
e":"20210331","engine_version":"6.2.142.0","method":"blacklist","r 
eeule "W32/Rozena. WZitr"}, "Webroot":{"category":"undetected","e 
ngine_name":"Webroot","engine_update":"20210331","engine_ver 
sion":"1.0.0.403", "method": "placklist"},"AVG":{"category":"maliciou 
s","engine_name":"AVG","engine_update":"20210331","engine_ve 
rsion":"21.1.5827.0", "method": "blacklist","result": "Win32:HacktoolX 
-gen 
[Trj]"},"Panda":{"category":"undetected","engine_name":"Panda"," 
engine_update":"20210330","engine_version":"4.6.4.2", "method":" 
blacklist"}, "CrowdStrike": {"category":"malicious" "engine name":"C 
rowdStrike","engine_update":"20210203","engine_version":"1.0"," 
method": "blacklist", "result":"win/malicious _confidence_100% 
(D)"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo- 
360","engine_update":"20210331" "engine_version":"1 OOM 12025 
method":"blacklist","result":" HEUR/QVM1 9.1.45C3.Malware.Gen"} 
},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":18},"last_modification_date":"161728 
8309","last_submission_date":"1617191038","md5":"7da88159cf7 
de6c3c47e02e45febac5t","meaningful_name”: "cobaltstrike_shellc 
ode.exe","names"["cobaltstrike_shellcode.exe"],"reputation":"0","s 
ha1":"bb182557607685748d6622aa2602e9bac7e41 1 60"."sha2e6 
""eC3125384833c72867d16a1 abf5b833d8aede46a560a605fd20e 
c1f63805acfc","size":"224256","tags"["peexe"],"times_submitted": 
"{","total_votes":{"harmless":"0","malicious":"0"},"type_description" 
"Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"0250875d 
151c0d1d1d1e7az1a1c\u003dz", "guthentihash":"a3add62499097 
d6df437604ddc6af89e147682bc0ed485691 43fb8206259d612","m 
agic":"PE32 executable for MS Windows (GUI) Intel 80386 32- 
bit","pe_info":{"entry_point":"36864","imphash":"829da329ce1 40d8 
73b4a8bde2cbfaa7e","import_list":[{"imported_functions":["GetLas 
tError","EnterCriticalSection","LoadLibraryW","FreeLibrary","Query 
PerformanceCounter","GetTickCount","VirtualProtect","LoadLibrar 
yA","DeleteCriticalSection","GetCurrentProcess","GetCurrentProc 
essld","UnhandledExceptionFilter","GetProcAddress","Create Thre 
ad","GetModuleHandleA","SetUnhandledExceptionFilter" ,"GetStar 
tupInfoA","GetSystemTimeAsFileTime","TerminateProcess", "Initial 


View on VirusTotal 
tupInfoA","GetSystemTimeAsFileTime","TerminateProcess","InitializeCriticalSection","VirtualQuery","TlsGetValue","Sleep","GetCurrentThreadId","VirtualAlloc","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},
{"imported_functions":["strncmp","__lconv_init","malloc","__dllonexit","_cexit","abort","fprintf","_fmode","_amsg_exit","fwrite","_lock","_onexit","_initenv","exit","_setusermatherr","_acmdln","_unlock","free","vfprintf","__getmainargs","calloc","strlen","_winmajor","memcpy","signal","_initterm","__set_app_type","_iob"],"library_name":"msvcrt.dll"}],
"machine_type":"332",
"sections":[
{"chi2":89507.74,"entropy":5.83,"flags":"rx","md5":"0bc7c2f2db333e5778e909890d9e8894","name":".text","raw_size":"7168","virtual_address":"4096","virtual_size":"6852"},
{"chi2":188014.75,"entropy":2.56,"flags":"rw","md5":"9d60a3432aa5f4951049c77a5dc197bb","name":".data","raw_size":"2048","virtual_address":"12288","virtual_size":"1572"},
{"chi2":37294.0,"entropy":74.23,"flags":"r","md5":"77eb2142360efdb76ccae3251d953fba","name":".rdata","raw_size":"1024","virtual_address":"16384","virtual_size":"720"},
{"chi2":-1.0,"entropy":0.0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":"0","virtual_address":"20480","virtual_size":"1052"},
{"chi2":110669.75,"entropy":4.14,"flags":"rw","md5":"ba8783a847213c657d581497afaa4590","name":".idata","raw_size":"2048","virtual_address":"24576","virtual_size":"1584"},
{"chi2":123016.0,"entropy":0.27,"flags":"rw","md5":"0c2ac70a2303ea6ede115718b8aca665","name":".CRT","raw_size":"512","virtual_address":"28672","virtual_size":"52"},
{"chi2":124501.0,"entropy":0.22,"flags":"rw","md5":"f0b2f655a2d41a7ed1460a18df87b605","name":".tls","raw_size":"512","virtual_address":"32768","virtual_size":"32"},
{"chi2":10622.85,"entropy":7.97,"flags":"rwx","md5":"2c33e68e4db55270953a367c05d32314","name":".kqdz","raw_size":"209920","virtual_address":"36864","virtual_size":"209648"}],
"timestamp":"1521750900"},
"ssdeep":"6144:wMFwULUrhaQL2Hbot+K/9UsGH9V7RIbhFkI697fz:jidaRsn/9POBEhFC6",
"trid":[{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":38.7},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":20.5},{"file_type":"Win64 Executable (generic)","probability":13.0},{"file_type":"Win32 Dynamic Link Library (generic)","probability":8.1},{"file_type":"Win16 NE executable (generic)","probability":6.2}]},
"id":"ec3125384833c72867d16a1a6f5b833d8aede46a560a605fd20ec1f63805acfc","links":{"self":"https://www.virustotal.com/api/v3/files/ec3125384833c72867d16a1a6f5b833d8aede46a560a605fd20ec1f63805acfc"},"type":"file"}
{"attributes":{"creation_date":"1260053452","first_submission_date":"1614721210","last_analysis_date":"1614924373","last_analysis_results":{
"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20210304","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetect.malware1"},
"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20210217","engine_version":"4.0.17","method":"blacklist"},
"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20210305","engine_version":"14.0.409.0","method":"blacklist"},
"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20210305","engine_version":"32.44.1.0","method":"blacklist"},
"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20210305","engine_version":"14.00","method":"blacklist"},
"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20210305","engine_version":"6.0.6.653","method":"blacklist","result":"Artemis!2F76B0258162"},
"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20210305","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},
"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20210305","engine_version":"90854","method":"blacklist","result":"Trojan.Win32.Generic!BT"},
"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20210305","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.injuke.4!c"},
"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20210303","engine_version":"2.9.0.0","method":"blacklist","result":"Trojan.Win32.Injuke.gen"},
"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20210305","engine_version":"11.168.36617","method":"blacklist"},
"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20210305","engine_version":"7.2","method":"blacklist"},
"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20210305","engine_version":"11.168.36616","method":"blacklist"},
"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20210208","engine_version":"1.2.449","method":"blacklist"},
"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20210304","engine_version":"7.2.37796.0","method":"blacklist"},
"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20210305","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Neoreklami.F.gen!Eldorado"},
"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20210126","engine_version":"2.0","method":"blacklist"},
"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20210304","engine_version":"1.14.0.0","method":"blacklist"},
"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20210305","engine_version":"22910","method":"blacklist"},
"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist"},
"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20210301","engine_version":"6.138","method":"blacklist","result":"Malicious"},
"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20210305","engine_version":"21.1.5827.0","method":"blacklist","result":"Win32:Adware-gen [Adw]"},
"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20210303","engine_version":"0.103.1.0","method":"blacklist"},
"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20210305","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Win32.Injuke.gen"},
"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Injuke.7f2cb1de"},
"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20210305","engine_version":"1.0.146.25265","method":"blacklist"},
"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20210305","engine_version":"2014.3.20.0","method":"blacklist"},
"Tencent":{"category":"undetected","engine_name":"Tencent","engine_update":"20210305","engine_version":"1.0.0.1","method":"blacklist"},
"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20210305","engine_version":"3.0.16.117","method":"blacklist"},
"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20210305","engine_version":"1.0","method":"blacklist"},
"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20210305","engine_version":"2018.12.0.1641","method":"blacklist"},
"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20210305","engine_version":"33316","method":"blacklist"},
"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20210305","engine_version":"12.0.86.52","method":"blacklist"},
"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20210305","engine_version":"7.0.49.9080","method":"blacklist"},
"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20210304","engine_version":"2.0.0.4306","method":"blacklist"},
"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20210305","engine_version":"11.0.0.1006","method":"blacklist"},
"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20210305","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.PUP.ict"},
"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist"},
"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20210303","engine_version":"2.10.2019.1","method":"blacklist"},
"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20210304","engine_version":"1.0.2.0","method":"blacklist","result":"Generic PUA OD (PUA)"},
"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20210304","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Downloader.NSIS.Adload"},
"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20210304","engine_version":"210304-00","method":"blacklist"},
"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20210303","engine_version":"16.0.100","method":"blacklist"},
"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20210305","engine_version":"1.0.0.403","method":"blacklist"},
"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20210305","engine_version":"8.3.3.12","method":"blacklist"},
"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20210305","engine_version":"2019.9.16.1","method":"blacklist"},
"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20210305","engine_version":"3.0.0.1","method":"blacklist"},
"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20210305","engine_version":"2017.9.26.565","method":"blacklist"},
"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20210305","engine_version":"1.1.17800.5","method":"blacklist"},
"Gridinsoft":{"category":"undetected","engine_name":"Gridinsoft","engine_update":"20210305","engine_version":"1.0.31.122","method":"blacklist"},
"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20210305","engine_version":"1.0.0.881","method":"blacklist"},
"SUPERAntiSpyware":{"category":"malicious","engine_name":"SUPERAntiSpyware","engine_update":"20210226","engine_version":"5.6.0.1032","method":"blacklist","result":"Adware.Neoreklami/Variant"},
"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20210305","engine_version":"3.19.5.10130","method":"blacklist"},
"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20210305","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Win32.Injuke.gen"},
"GData":{"category":"undetected","engine_name":"GData","engine_update":"20210305","engine_version":"A:25.28859B:27.22314","method":"blacklist"},
"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20210305","engine_version":"4.0.0.25","method":"blacklist","result":"Malicious (score: 100)"},
"BitDefenderFalx":{"category":"type-unsupported","engine_name":"BitDefenderFalx","engine_update":"20200916","engine_version":"2.0.936","method":"blacklist"},
"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20210305","engine_version":"37.1.62.1","method":"blacklist"},
"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20210211","engine_version":"1.1.1.81","method":"blacklist"},
"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20210304","engine_version":"4.4.1","method":"blacklist","result":"suspected of Trojan.Downloader.gen.h"},
"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20210305","engine_version":"1.1.3.1","method":"blacklist"},
"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20210305","engine_version":"2021-03-05.01","method":"blacklist"},
"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20210305","engine_version":"4.2.1.18","method":"blacklist","result":"Trojan.AdLoad"},
"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20210304","engine_version":"4.6.4.2","method":"blacklist"},
"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20210304","engine_version":"0.0.0.0","method":"blacklist"},
"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20210305","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002H07C221"},
"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20210305","engine_version":"25.0.0.26","method":"blacklist"},
"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20210303","engine_version":"5.5.2.24","method":"blacklist"},
"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20210215","engine_version":"5.0.0.20","method":"blacklist"},
"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20210310","method":"blacklist"},
"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20210305","engine_version":"6.2.142.0","method":"blacklist","result":"NSIS/Adload.9796!tr"},
"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20210304","engine_version":"1.0.0.1","method":"blacklist"},
"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20210305","engine_version":"21.1.5827.0","method":"blacklist","result":"Win32:Adware-gen [Adw]"},
"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20210305","engine_version":"1.0","method":"blacklist"},
"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20210203","engine_version":"1.0","method":"blacklist"},
"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20210305","engine_version":"1.0.0.1120","method":"blacklist","result":"Win32/Trojan.Injuke.HoMASQAA"}},
"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":23,"suspicious":0,"timeout":0,"type-unsupported":5,"undetected":48},
"last_modification_date":"1617430878","last_submission_date":"1614721210","md5":"2f76b025816251a5e348e821425a91c9","meaningful_name":"2f76b025816251a5e348e821425a91c9.virus","names":["2f76b025816251a5e348e821425a91c9.virus"],"reputation":"0","sha1":"e378065992d4c8e4af1901aebc5f0d54f142570b","sha256":"8184b3d09c1fb015c7829efad7310eefc8da7804d578ccb10f15301cbb957e6a","size":"75838",
"tags":["peexe","runtime-modules","direct-cpu-clock-access","overlay"],"times_submitted":"1","total_votes":{"harmless":"0","malicious":"0"},"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":"1","vhash":"074056655d5c05509043z8003b7z47z62z3e03dz","authentihash":"669e9f9d5ef5d48eaa57fcc083190e9d1f46f17ecadb3add092d02cd4d1331ee","magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
"pe_info":{"entry_point":"12538","imphash":"7fa974366048f9c551ef45714595665e","import_list":[
{"imported_functions":["GetFileVersionInfoSizeA","GetFileVersionInfoA","VerQueryValueA"],"library_name":"VERSION.dll"},
{"imported_functions":["GetDeviceCaps","SetBkMode","CreateBrushIndirect","CreateFontIndirectA","SelectObject","SetBkColor","DeleteObject","SetTextColor"],"library_name":"GDI32.dll"},
{"imported_functions":["RegDeleteKeyA","RegCloseKey","RegQueryValueExA","RegSetValueExA","RegEnumValueA","RegCreateKeyExA","RegOpenKeyExA","RegEnumKeyA","RegDeleteValueA"],"library_name":"ADVAPI32.dll"},
{"imported_functions":["GetLastError","lstrlenA","GetFileAttributesA","GlobalFree","WaitForSingleObject","GetExitCodeProcess","CopyFileA","ExitProcess","SetFileTime","GlobalUnlock","LoadLibraryA","GetModuleFileNameA","GetShortPathNameA","GetCurrentProcess","LoadLibraryExA","CompareFileTime","GetPrivateProfileStringA","WritePrivateProfileStringA","GetFileSize","lstrcatA","CreateDirectoryA","DeleteFileA","GetWindowsDirectoryA","SetErrorMode","MultiByteToWideChar","GetCommandLineA","GlobalLock","SetFileAttributesA","SetFilePointer","GetTempPathA","CreateThread","lstrcmpiA","GetModuleHandleA","lstrcmpA","ReadFile","WriteFile","FindFirstFileA","CloseHandle","GetTempFileNameA","lstrcpynA","FindNextFileA","RemoveDirectoryA","GetSystemDirectoryA","GetDiskFreeSpaceA","ExpandEnvironmentStringsA","GetFullPathNameA","FreeLibrary","MoveFileA","CreateProcessA","GlobalAlloc","SearchPathA","FindClose","Sleep","CreateFileA","GetTickCount","GetVersion","GetProcAddress","SetCurrentDirectoryA","MulDiv"],"library_name":"KERNEL32.dll"},
{"imported_functions":["SHGetFileInfoA","SHGetSpecialFolderLocation","SHBrowseForFolderA","SHGetPathFromIDListA","ShellExecuteA","SHFileOperationA"],"library_name":"SHELL32.dll"},
{"imported_functions":["OleUninitialize","CoTaskMemFree","OleInitialize","CoCreateInstance"],"library_name":"ole32.dll"},
{"imported_functions":["EmptyClipboard","GetMessagePos","EndPaint","CharPrevA","EndDialog","BeginPaint","PostQuitMessage","DefWindowProcA","SetWindowTextA","SetClassLongA","LoadBitmapA","SetWindowPos","GetSystemMetrics","IsWindow","AppendMenuA","GetWindowRect","DispatchMessageA","ScreenToClient","SetDlgItemTextA","MessageBoxIndirectA","LoadImageA","GetDlgItemTextA","PeekMessageA","SetWindowLongA","IsWindowEnabled","GetSysColor","CheckDlgButton","GetDC","FindWindowExA","SystemParametersInfoA","CreatePopupMenu","wsprintfA","DialogBoxParamA","SetClipboardData","IsWindowVisible","GetClassInfoA","SetForegroundWindow","GetClientRect","CreateWindowExA","GetDlgItem","CreateDialogParamA","DrawTextA","EnableMenuItem","RegisterClassA","InvalidateRect","GetWindowLongA","SendMessageTimeoutA","SetTimer","LoadCursorA","TrackPopupMenu","SendMessageA","FillRect","ShowWindow","OpenClipboard","CharNextA","CallWindowProcA","GetSystemMenu","EnableWindow","CloseClipboard","DestroyWindow","ExitWindowsEx","SetCursor"],"library_name":"USER32.dll"},
{"imported_functions":["ImageList_Create","Ord(17)","ImageList_Destroy","ImageList_AddMasked"],"library_name":"COMCTL32.dll"}],
"machine_type":"332",
"overlay":{"chi2":391.111328125,"entropy":7.99000358581543,"filetype":"Data","md5":"59487e973867381a0088e3c376dea350","offset":"47616","size":"28229"},
"resource_details":[
{"chi2":56947.50390625,"entropy":6.266115665435791,"filetype":"Data","lang":"ENGLISH US","sha256":"d442adb90ba296c7e617d2f58d6fa6f308bcd8ef65e5e9c66db4dd27f93ictbe","type":"RT_ICON"},
{"chi2":101991.0546875,"entropy":5.999302387237549,"filetype":"Data","lang":"ENGLISH US","sha256":"50279c9885b490e74b49ac0273940b6e0891b62fc9ff05c52e35422a694f248b","type":"RT_ICON"},
{"chi2":48756.125,"entropy":6.244589805603027,"filetype":"Data","lang":"ENGLISH US","sha256":"9da1013c864092e49c2676b3ba68a0d4513457d77d251730ed73cc5f4a4813b1","type":"RT_ICON"},
{"chi2":76011.51,"entropy":5.015015125274658,"filetype":"Data","lang":"ENGLISH US","sha256":"61f762babde9942f43ee97154b8734efeed0632a6ea778dc395793ae3e3e7507","type":"RT_ICON"},
{"chi2":14707.675,"entropy":6.1605634689331055,"filetype":"Data","lang":"ENGLISH US","sha256":"69e6579a37fcaec037634e7fecbfc6a26093ea81dc4bd555d8a12187d2cd0866","type":"RT_ICON"},
{"chi2":35742.878,"entropy":3.341460943222046,"filetype":"Data","lang":"ENGLISH US","sha256":"f06189b43a5c1d6cc5d1b7cbf6ab56b1157ec52807945d652274a211462cba5","type":"RT_ICON"},
{"chi2":14252.7578125,"entropy":3.0423173904418945,"filetype":"Data","lang":"ENGLISH US","sha256":"491e52ded039ec6684277e6f1f820e288763ae6d20e682bcfffb6cee4518ac23","type":"RT_ICON"},
{"chi2":18877.7753,"entropy":2.7181291580200195,"filetype":"Data","lang":"ENGLISH US","sha256":"b29c7a1301ddb0e896faf944d8ea8i4e57ff4t3d5ic3e5dc5bf3e64ed6be2fdd","type":"RT_DIALOG"},
{"chi2":52568.703,"entropy":2.7389302253723145,"filetype":"Data","lang":"ENGLISH US","sha256":"425b8270f7ca42a927eaebbea468aci414a3e4b58b5ba2c56aaae4d1b2c11014","type":"RT_DIALOG"},
{"chi2":24856.541015625,"entropy":2.9114809036254883,"filetype":"Data","lang":"ENGLISH US","sha256":"4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4","type":"RT_DIALOG"},
{"chi2":21655.3,"entropy":2.927863836288452,"filetype":"Data","lang":"ENGLISH US","sha256":"18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01","type":"RT_DIALOG"},
{"chi2":7989.53857421875,"entropy":2.6691031455993652,"filetype":"Data","lang":"ENGLISH US","sha256":"fed46e06346fb8f64b14c18408a82caf955929ac0e65151630539dc5bd194584","type":"RT_GROUP_ICON"},
{"chi2":4719.08154296875,"entropy":5.103940486907959,"filetype":"application/xml","lang":"ENGLISH US","sha256":"88c91f1165efa7a0b506ba4eba225b865b4141798c813648a1677f6bf3e1efcd","type":"RT_MANIFEST"}],
"resource_langs":{"ENGLISH US":"13"},"resource_types":{"RT_ICON":"7","RT_GROUP_ICON":"1","RT_DIALOG":"4","RT_MANIFEST":"1"},
"sections":[
{"chi2":192926.69,"entropy":6.44,"flags":"rx","md5":"856b32eb77d1d6fb67f21d6543272da5","name":".text","raw_size":"24064","virtual_address":"4096","virtual_size":"23628"},
{"chi2":149395.7,"entropy":5.05,"flags":"r","md5":"de77f8at6985a4361c55642680ddb4","name":".rdata","raw_size":"5120","virtual_address":"28672","virtual_size":"4764"},
{"chi2":26990.0,"entropy":4.8,"flags":"rw","md5":"7922d4ce117d7d5b3ac2cffe4b0b5e4t","name":".data","raw_size":"1024","virtual_address":"36864","virtual_size":"154712"},
{"chi2":-1.0,"entropy":0.0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".ndata","raw_size":"0","virtual_address":"192512","virtual_size":"77824"},
{"chi2":446800.81,"entropy":5.95,"flags":"r","md5":"c6b17746285bd89a9cc33145ac52bfa9","name":".rsrc","raw_size":"16384","virtual_address":"270336","virtual_size":"16352"}],
"timestamp":"1260053452"},
"ssdeep":"1536:KpgpHzb9dZVX9FHMvGOD3XJ54Romu/dBTztlGlf2mBi3nn:lgXdZt9P6D3XJ5456zt7Ohnn",
"trid":[{"file_type":"NSIS - Nullsoft Scriptable Install System","probability":92.7},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":3.4},{"file_type":"Win64 Executable (generic)","probability":1.1},{"file_type":"Win16 NE executable (generic)","probability":0.7},{"file_type":"Win32 Dynamic Link Library (generic)","probability":0.7}]},
"id":"8184b3d09c1fb015c7829efad7310eefc8da7804d578ccb10f15301cbb957e6a","links":{"self":"https://www.virustotal.com/api/v3/files/8184b3d09c1fb015c7829efad7310eefc8da7804d578ccb10f15301cbb957e6a"},"type":"file"}
0
QQBrowserWebInstaller.exe
sha256: e4030770c5d6671c5e4b57cb21e99e22407b25e0077f5ddca494561c6c3703bc
names: aafb6851233c39c46062950be8c5cf83.virus, QQBrowserWebInstaller, QQBrowserWebInstaller.exe
type_tag: peexe
type_description: Win32 EXE
md5: aafb6851233c39c46062950be8c5cf83
sha1: bd83d1100adc3f1d371d6fd04913185eb8bbea99
sha256: e4030770c5d6671c5e4b57cb21e99e22407b25e0077f5ddca494561c6c3703bc
vhash: 035056655d15555058z6c1233247240101181261227z
authentihash: d01ed55404cbd3623b8c0e7bbadf607b032bc54701b82a759f117c573cbb716b
ssdeep: 3072:8A9BLIYm1sUM/oJeNtqxnCBEWILeA0TIfQctVArxhY2m3+z4pTGH2BBUS9yBXJu:8gakNOxC+Le9lcEXiygPI5u
size: 359381
type: VT file

{"attributes":{"creation_date":"1392261458","first_submission_date 
""1614752468","last_analysis_date":"1614752468","last_analysis 
_results":{"Bkav":{"category":"failure","engine_name":"Bkav","engi 
ne_update":"20210302" "engine _| version":"1 3. 0.9899","method":" 
blacklist"},"Elastic":{"category":"undetected","engine_| name":"Elasti 
c","engine_update":"20210217","engine_| version": "4.0.17","method 
e blacklist’), "MicroWorld- 
eScan" -{"category": "undetected","engine_name":"MicroWorld- 
eScan","engine_update": "20210303", “engine_ version": ae 0.409.0 
: "method": "blacklist"},"FireEye":{"category":"undetected","engine_ 
name": "FireEye","engine_update":"20210303","engine__ version":"3 
2.44.1.0","method":"blacklist"},"CAT- 
QuickHeal":{"category":"undetected","engine_name":"CAT- 
QuickHeal","engine_update":"20210302","engine_version":"14.00" 
,"method": "blacklist’}, "ALYac":{"category":"undetected","engine_n 
ame": "ALYac","engine_update":"20210303","engine_version":"1.1. 
Onl "method": "placklist’}, "Cylance" ty category": "undetected","engi 
ne_name":"Cylance","engine_update":"20210303","engine_versio 
ree eel Oilhs "method": "placklist"},"Zillya":{"category":"undetected 
z raenainel| name": "Zillya","engine_update":"20210228" ,"engine_| ver 
sion":"2.0.0.4305","method":"blacklist’}, "SUPERAntiSpyware" {"ca 
tegory":"undetected","engine_name":"SUPERAntiSpyware","engin 
e_update":"20210226","engine_version":"5.6.0.1032","method":"bl 
acklist"},"Sangfor":{"category": “undetected","engine_name":"Sangf 
or","engine_update":"20210301" "engine version":"2.9.0.0","meth 
od":"blacklist"}, "K7AntiVirus": {"category":"undetected","engine_na 
me":"K7AntiVirus","engine_update":"20210303" "engine _ version":" 
11.167.36589", "method": “blacklist’}, "Alibaba":{"category":"undetec 
ted","engine_name":"Alibaba","engine_update":"20190527","engin 
e_version":"0.3.0.5","method": “blacklist’}, "K7GW";{"category":"und 
etected","engine_| name":"K7GW" ,"engine_update":"20210303","en 
gine_ version":"11.167.36588","method":"blacklist"}, "CrowdStrike":{ 
"category":"malicious", "engine name":"CrowdStrike","engine_upd 
ate":"20210203","engine_version":"1.0","method":"blacklist","result 
"s"win/malicious_confidence_60% 
(W)"}, "BitDefenderTheta’: {"category":"undetected","engine_name" 
:"BitDefenderTheta","engine_update":"20210223","engine_version 
Bee LOO. Ou "method": "blacklist"},"Cyren":{"category":"undetect 
ed","engine_| name": "Cyren","engine_update":"20210303","engine_ 
version":"6.3.0.2","method":"blacklist"},""SymantecMobilelnsight":{" 
category": “type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"2021 0126" ,"engine_version":"2.0","method":"blacklist"},"T 
otalDefense" :{"category":"undetected","engine_name":"TotalDefen 
se","engine_update":"20210303","engine_version":"37.1.62.1 ","me 
thod": "blacklist"},"Baidu":{"category":"undetected","engine_name": 
"Baidu","engine_update":"20190318","engine_version":"1.0.0.2"," 
method":"blacklist"},"APEX":{"category":"undetected","engine_na 
me":"APEX","engine_| update": "20210301","engine_version":"6.138 
""method":"blacklist"},"Avast":{"category":"undetected","engine_n 
ame":"Avast" ,"engine_update":"20210303","engine_version":"21.1 
5827.0", "method": "blacklist’}, "ClamAV":{"category":"malicious","e 
ngine_name":"ClamAV","engine_update":"20210302","engine_ver 
sion":"0.103.1 0","method":"blacklist","result":"Win.Worm.Runouce 


434") ,"BitDefender":{"category":"undetected","engine_name":"BitD 
efender","engine_update":"20210303","engine_version":"7.2","met 
hod":"blacklist’}, "NANO- 
Antivirus" {"category": "undetected","engine_name":"NANO- 
Antivirus", ‘engine _ update" :"20210303","engine_ version": "1.0.146. 
25261", "method": ‘blacklist"},"Paloalto":{"category":"undetected","e 
ngine_name":"Paloalto","engine_update":"20210303","engine_ver 
sion": "1.0","method": "blacklist’}, "ViRobot":{"category":"undetected" 
,"engine_name":"ViRobot","engine_update":"20210303","engine_v 
ersion": "2014.3.20. 0", "method": "blacklist"},"Rising": "category": "fail 
ure","engine_name":"Rising","engine_update":"20210302","engine 
_version': F2510!0'261 ."method":"blacklist"},"Ad- 
Aware" -{"category": "undetected","engine_name":"Ad- 
Aware","engine_update":"20210303","engine_version":"3.0.16.117 
""method":"blacklist"}," Trustlook":{"category"=type- 
unsupported","engine_name":"Trustlook","engine_update":"20210 
303","engine_version":"1.0","method":"blacklist"},"TACHYON":{"ca 
tegory": "undetected","engine_name":"TACHYON","engine_update 
":"20210303","engine_version":"2021-03- 
03.02","methoa": “blacklist’}, "Emsisoft":{"category":"undetected","e 
ngine_name":"Emsisoft","engine_update":"20210303" "engine _| ver 
sion":"2018.12.0.1641", "method": "placklist"},"Comodo":{"category" 
:"undetected","engine_name":"Comodo","engine_update":"202103 


:"undetected","engine_name":"Comodo","engine_update":"202103 
03","engine_ version":"33310","method":"blacklist"},"F- 
Secure":{"category": "undetected" ,"engine_name":"F- 
Secure","engine_update":"20210302" "engine _| version": "12. 0.86.5 
2","method":"blacklist"},"DrWeb":{"category":"undetected","engine 
“name”: "DrWeb","engine_update":"20210303","engine_' version": fe 
7.0.49.9080", "method": "blacklist"},"VIPRE": {"category": "undetecte 
d","engine_name":"VIPRE","engine_update":"20210303","engine_ 
version":"90808","method":"blacklist"},"TrendMicro":{"category":"fai 
lure","engine_name":"TrendMicro","engine_update":"20210302","e 
ngine_version":"11.0.0.1006","method":"blacklist"},"McAfee-GW- 
Edition": "category": "undetected","engine_name": "McAfee- GW- 
Edition","engine_update": "20210303", "engine_version":"v2019.1.2 
+3728", "method": "placklist"},"Trapmine":{"category":"type- 
unsupported", "engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023","method":"blacklist"},"CMC":{" 
category”: "undetected","engine_name":"CMC","engine_update":"2 
0210228","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"undetected","engine_ name": "Sophos","engine_ 
update":"20210303", “engine _ version":"1. 0. P20)", method" “blacklist 
"\."SentinelOne" "category": "undetected","engine_name":"Sentine 
IOne","engine_update":"20210215" engine. version":"5.0.0.20","m 
ethod": "blacklist"},"GData":{"category":"undetected","engine_name 
""@Data","engine_update":"20210303","engine_version":"A:25.28 
840B:27. 22157", "method" "blacklist’}, "Jiangmin’: {"category":"unde 
tected","engine_name":"Jiangmin","engine_update":"20210302","e 
ngine— version":"16.0.100", "method": "blacklist"},"Webroot": catego 
y":"undetected" "engine _| name":"Webroot","engine_update":"2021 
0303", "engine_version":"1.0.0.403","method":"blacklist"},"Avira":{" 
category":"undetected","engine_name":"Avira","engine_update":"2 
0210302","engine_' version":"8.3.3.10","method": "blacklist"},"Antiy- 
AVL":{"category":"undetected","engine_name":"Antiy- 
AVL","engine_update":"20210303","engine_' version’: "3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"2021 0303","engine_version":"201 Ue 
9. 26.565", "method": "blacklist’}, "Gridinsoft":{"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210303","engine_ 
version":"1.0.30.121" "method": "blacklist","result":"PUP.Win32.Ge 
n.vili"},"Arcabit": "category": "undetected", "engine_name": "Arcabit", 
"engine_update":"20210303","engine_ version":"1.0.0.881 ","metho 
ol". "blacklist'}, "AegisLab": {"category": "undetected","engine_name": 
"AegisLab","engine_update":"20210303","engine_version":"4.2"," 
method": "blacklist"}, "ZoneAlarm":{"category":"undetected", "engine 
name":"ZoneAlarm","engine_update":"20210303" ,"engine_| versio 
n":"1.0","method":"blacklist"},"Avast-Mobile":{"category":"type- 
unsupported": "engine_name":"Avast- 
Mobile","engine_update":"20210302","engine_version":"210302- 
O2u "method": "blacklist"},"Microsoft":{"category":"undetected","engi 
ne_name":"Microsoft","engine_update":"20210303", "engine _ vers 
on":"1.1.17800.5","method":"blacklist"},"Cynet":{"category":"undete 
cted","engine_| name": "Cynet","engine_update":"20210302","engin 
e_veision':"4.0.0.25""method’"blacklist’,"BitDefenderFalx':("cat 
egory":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916","engine_version":"2.0.936", "method": “placklist"}, "AhnL 
ab-V3":{"category":"undetected","engine_name":"AhnLab- 
V3","engine_update":"2021 0303","engine_version":"3.1 9.5.1 0130" 
,"method": "blacklist’}, "Acronis" :{"category":"undetected","engine_n 
ame": "Acronis","engine_update":"20210211","engine_ version":"1. 
eeu ,"method": "blacklist’}, "McAfee":{"category":"undetected","e 
ngine_name":"McAfee","engine_update":"20210303","engine_vers 
ion":"6.0.6.653","method":"blacklist"},"MAX":{"category":"undetecte 
d","engine_name":"MAX","engine_update":"20210303","engine_ve 
rsion":"2019.9.16.1","method":"blacklist"},"VBA32":{"category":"un 
detected","engine_name".:"VBA32","engine_update"."20210302"," 
engine_version":"4.4.1","method":"blacklist"},"Malwarebytes":{"cat 
egory":"undetected","engine_name":"Malwarebytes","engine_upda 
te":"20210302" "engine _| version": TAT 2a Ou "method": "blacklist’}," 
Zoner":{"category":"undetected","engine_name":"Zoner","engine_ 
ESET 0302","engine_' version": "0.0.0.0", "method": "blacklist 
NOD32":{"category":"undetected","engine_name":"ESET- 
NOD32","engine_update":"20210303","engine_version":"22901"," 
method":"blacklist"},"TrendMicro- 
HouseCall": {"category": "undetected","engine_name":"TrendMicro- 
HouseCall","engine_| update": "20210303","engine_ version”: "10.0.0 
.1040", "method": "blacklist"},"Tencent":{"category":"malicious","eng 
ine_name":"Tencent","engine_update":"2021 0303","engine_versio 
n":"1.0.0.1","method":"blacklist","result":"Win32.Trojan- 
downloader.Generic.Lqyt"},"Yandex":{"category":"malicious","engi 
ne_name":"Yandex","engine__ update": "20210301","engine_version 
Mlb ode "method": "blacklist","result":"Trojan. GenAsalYnpd4+M 
KTIM"}, "Ikarus": {"category": "undetected", "engine_name":"Ikarus"," 
engine_update":"20210302","engine_' version”:"0.1.5. 2","method":" 
blacklist"},"MaxSecure":{"category":"undetected", "engine! name":" 
MaxSecure","engine_update":"20210302", "engine_ version": | {0).0)- 
1","method":"blacklist"},"Fortinet":{"category":"undetected","engine 
_name": "Fortinet" ,"engine_update":"20210303","engine_' version":" 
6.2.142.0","method": “"blacklist"}, "Cybereason": {"category":"undete 
cted" "engine name":"Cybereason","engine_update":"20210208"," 
engine_version":"1.2.449", "method": "blacklist"},"Panda":{"category 
"s"undetected","engine__ name":"Panda", "engine_update":"2021030 
2","engine_version":"4.6.4.2","method": blacklist’, "Qihoo- 
360":{"category":"failure" engine_name":"Qihoo- 
360","engine_update":"20210303","engine_version":"1.0.0.1120"," 
method":"blacklist"}},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":4,"harmless":0,"malicious":5,"Suspicious":0,"tim 
eout":0,"type- 
unsupported":5,"undetected":58},"last_modification_date":"161742 
8344" "last_ submission | date":"1614752468","md5":"aafb6851233 
©39¢46062950be8c5ct83" ,"meaningful_name":"QQBrowserWebIn 
staller.exe","names": ["aafb6851 233¢39c46062950be8c5cf83. virus 
y ,"QQBrowserWebInstaller", "QQBrowserWeblnstaller.exe"],"reput 
ation":"0","sha1":"bd83d1 100adc3f1d37 1d6fd04913185eb8bbea9 
9","sha256":"e4030770c5d667 1c5e4b57cb21e99e22407b25e007 
7f5ddca494561c6c3703bc","size":"359381","tags":["peexe","overla 
y","direct-cpu-clock-access","checks-network-adapters","runtime- 
modules"],"times_: submitted":"1 ""total_votes":{"harmless":"0","mali 
cious":"0"},"type_ description": "Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"03505665 
5d15555058z6c1233z47240101181z61 Zia authentihash":"d01 
ed55404cbd3623b8c0e7bbadf607b032bc54701b82a759f 17c573 
cbb716b","magic":"PE32 executable for MS Windows (GUI) Intel 
80386 32- 
bit","pe_info":{"entry_point":"97583","imphash":"ea3bc2c5f684776 
9ad87134ec162b475","import_list":[{"imported_functions":["URLD 
ownloadToCacheFileW"),"library_name":"urlmon.dll"},{"imported_f 
unctions":["HttpSendRequestA","InternetConnectW", "InternetClos 
eHandle","InternetOpenA","InternetSetOptionW","HttpOpenReque 
stW"], "library_name": "WININET.dIl"},{"imported_functions":["Shell_ 
NotifylconW", "SHGetSpecialFolderPathW", "ShellExecuteExW","C 
ommandLineToArgvW"],"library_name":"SHELL32.dll"}, {imported 
_functions":["GetStdHandle","GetDriveT ypeW","GetConsoleOutpu 
tCP","FileTimeToSystemTime","WaitForSingleObject","GetDriveTy 
peA","DeleteCriticalSection","GetCurrentProcess","GetConsoleMo 
de","GetLocalelInfoA","LocalAlloc","FreeEnvironmentStringsW","G 
etLocalelnfoW","SetStdHandle","WideCharToMultiByte","GetStrin 
gTypeA","InterlockedExchange","WriteFile","GetSystemTimeAsFil 
eTime","HeapReAlloc","GetStringTypeW","GetOEMCP","LocalFre 
e","InitializeCriticalSection","FindClose","InterlockedDecrement"," 
GetFullPathNameW","SetLastError","DeviceloControl","CopyFile 
W","GetModuleFileNameW","IsDebuggerPresent","HeapAlloc","G 
etModuleFileNameA","LoadLibraryA","EnumSystemLocalesA","Un 
handledExceptionFilter","TlsGetValue","MultiByteToWideChar","G 
etModuleHandleA","CreateThread","GetSystemDirectoryW","SetU 
nhandledExceptionFilter","SetEnvironmentVariableA","T erminateP 
rocess","WriteConsoleA","GetCurrentThreadld","InterlockedIncre 
ment","WriteConsoleW","InitializeCriticalSectionAndSpinCount","H 
eapFree","EnterCriticalSection","SetHandleCount","LoadLibraryW" 
,"GetVersionExW","GetExitCodeProcess","QueryPerformanceCou 
nter","GetTickCount","TlsAlloc","FlushFileBuffers","IstrempiW","Ritl 
Unwind","FreeLibrary","GetStartupInfoA" ,"GetFileSize","GetStartu 
pInfoW","CreateDirectoryW","DeleteFileW","GetUserDefaultLCID", 
"CompareStringW","CompareStringA","FindFirstFileW","|sValidLoc 
ale","GetProcAddress","GetTimeZonelnformation","CreateFileW"," 
GetFileType","TlsSetValue","CreateFileA","ExitProcess","LeaveCri 
ticalSection","GetLastError","LCMapStringW","GetSystemInfo","G 
etConsoleCP","LCMapStringA","GetEnvironmentStringsW","GetC 
Plinfo","CreateProcessW","FileTimeToLocalFileTime","GetCurrent 
Processld","GetCommandLineW","GetCurrentDirectoryA","HeapSi 
ze","InterlockedCompareExchange","GetSystemDefaultLang!D"," 
RaiseException","TlsFree","SetFilePointer","ReadFile","CloseHan 
dle","GetACP","GetModuleHandleW","IsValidCodePage","HeapCr 
eate","VirtualFree","Sleep","VirtualAlloc"],"library_name":"KERNEL 
32.dll"},{"imported_functions":["NetWkstaTransportEnum","NetApi 
BufferFree","Netbios"],"library_name":"NETAPI32.dll"},{"imported_ 
functions"["RegOpenKeyExA","RegQueryValueExA","RegCloseK 
ey","RegQueryValueExW","RegOpenKeyExW'"J,"library_name":"A 
DVAPI32.dll"},{"imported_functions":["CoUninitialize","CoCreateG 
uid","CoCreatelnstance","Colnitialize"],"library_name":"ole32.dll"},{ 
"imported_functions":["PathAppendW"),"library_name":"SHLWAPI. 
dll"},{"imported_functions":["htons","htonl"],"library_name":"WS2_3 
2.dll"}, {"imported_ functions":["GetPropW", BeginPaint’, "DefWindo 
wProcW","DestroyMenu","GetMessageW","PostQuitMessage","Se 
tPropW","|sWindow","RegisterClassExW",""AppendMenuW","Trans 
lateMessage","PostMessageW","DispatchMessageW","GetCursor 
Pos","CreatePopupMenu","LoadStringW","RemovePropW","Track 
PopupMenu","LoadCursorW","LoadiconW","CreateWindowExW"," 
EndPaint","SetForegroundWindow","DestroyWindow'"],"library_na 
me":"USER32.dll"}],"machine_type":"332","overlay":{"chi2":19422. 
2265625,"entropy":7.173076629638672,"filetype":"Data","md5":"d 
c4c64a288bc5bb8ebi678d285077771","offset":"351232","size":"81 
49"},"resource_details":[{"chi2":1 02653.65625,"entropy":4.265481 
948852539, "filetype":"Data","lang":"CHINESE 
SIMPLIFIED","sha256":"bd176d9b9af28de4c886e02c2ed6547405 
dbe75dd8e4bdbac0651669e05d7ac6","type":"RT_ICON"},{"chi2": 
cH rf aac ,"entropy":2.8761 73734664917 .filetype":"Data","lan 
SiMPLI FIED","sha256":"536f1d662f18e6d0dc322559b5bcc61 53d 
€723e6477db87ecdcc8a5ce54c9f5a", "type":"RT_ICON"},{"chi2":1 
804.1468505859375,"entropy":7. 947758197784424, "filetype":"ima 
ge/x-png","lang": "CHINESE 
SIMPLIFIED","sha256":"9dc8324303645d30d1e748ac3e0d5cc14 
619d7037217fd8df1 dfe66e0091 aac" ,"type":"RT_ICON"},{"chi2":2 
oar .0,"entropy":4.135322570800781,"filetype":"Data","lang":"C 
HI 
SIMPLIFIED","sha256":"c7ddda9b31fb442bc54779ccfee1 01fd563 
0e3a9e03d376fffa6d3a708ec78ae", "type":"RT_ICON"},{"chi2":637 
ant se ,"entropy":4.86038637161 2549 ,filetype":"Data","lang":"C 
HINESE 
SIMPLIFIED","sha256":"b9ade14732b393ba24fbb1 125ec8994b29 
Ofcbb1e371d126d16ae8a59e31f42d","type":"RT_ICON"},{"chi2":3 
ee eee ,"entropy":5. 049365520477295 ,filetype":"Data","lang 
wee HI 
SIMPLIFIED","sha256":"99e5323e9201 251 40cb824d93ff69f722a1 
b87173b91dcaa83481 1def9a637d0","type":"RT_ICON"},{"chi2":12 
3185.5625,"entropy":5.2661399841 30859, "filetype":"Data","lang":" 
CHINESE 
SIMPLIFIED","sha256":"2d3de7b1 d8f2e 1 3ff80a89cdd252b677a2f 
Baf768ae 1 fc85e4d5c50at40e25c2" ,"type":"RT_ICON"},{"chi2":595 
ST ae ,"entropy":5.4807 12890625, "filetype":"Data","lang":"C 
HINE 
SIMPLIFIED","sha256":"c5fe77ad19b2c05c742a97a1 1e38e70b7d 
d3effd3ab72ad2t77c7eed3c8bcfda", "type":"RT_ICON"},{"chi2":20 
107.27734375,"entropy":5.7420101 16577148 ,filetype":"Data","lan 
g":"CHINESE 
SIMPLIFIED" "sha256":"77e5db29f643401 1 4e9cff9686081616cf0 
598f8fe3c0532e288e6994ecdae0" ,"type":"RT. _ICON"}, {"chi2":402 
Sy Hh rene 25,"entropy":4.007823944091 797,"filetype":"Data","la 
ng": " 
SIMPLIFIED","sha256":"f4531e1079d65b51 3f2f52f52ac52e8cd5a 
3d6d8 1 14aef736776d20fee2eech2","type":"RT_STRING"},{"chi2": 
9700.7275390625,"entropy":2.984201 192855835, "filetype":"Data", 
"lang":"CHINESE 
SIMPLIFIED","sha256":"20d06af38e9b5c4f888fd4c97 9fada06febf5 
614839c64e7e8d184437e8764916","type":"RT_GROUP_ICON"}{ 
"chi2":66054.8359375,"entropy":3.51932525634 76562, filetype":" 
Data","lang":"CHINESE 
SIMPLIFIED", "sha256":"efe3d7de44163406a00cba466e40361 189 
9c60a611698a2d07090528fc6b2888","type":"RT_VERSION"},{"ch 
i2":4088.221 9238281 25,"entropy":4.7779154777526855, filetype": 
"ASCII text","lang": "ENGLISH 
US","sha256":"ec5d04c8ef3fe0e571 c8e604bf146b393108cee1 1f1 
ad3d665b7501 ec20d37d0","type":"RT_MANIFEST"}],"resource_la 
ngs":{"ENGLISH US":"1","CHINESE 
SIMPLIFIED":"12"}, "resource _ types"{"RT_ICON":"9","RT_STRIN 
G":"1","RT_VERSION":"1","RT_GROUP_ICON":"1", Tee MANIFE 
Sie nf "sections" [{"chi2":1049454.88,"entropy":6. 66," ‘flags":"rx"," 
md5":"d95ac09a7ee6df47b7721 33a205e725e", "name": text", "raw 
_size":"199168","virtual_address":"4096","virtual_size":"199146"},{ 
"Chi2":1458127. 38," ‘entropy":4.82,"flags":"r ie ."md5":"ed30392eac9f 
98aaa873f91485bccf03","name":".rdata","raw_size":"32768","virtu 
al_address":"204800","virtual_size":"32344"}, {"chi2":686045.0,"ent 
ropy":3.75,"flags": "rw","md5":"1 7e3e86F1 d66f5631 e9a20150a0c09 
a","name":".data", "raw size":"7680","virtual_address":"237568", "vi 
rtual | size": "O5624"}, {"chi2": 2740044. 0,"entropy":5.58,"flags":"r","M 
d5":"9b6a64c65cddb8b09229a5b36a3d4eb4","name":".rsrc", Taw. 
size":"97792","virtual_address":"266240", "virtual_size": "97600", (ns 
chi2":504153.1 3,"entropy":5.05,"flags":"r","md5":"6576d33e07ee7 
edf9a8e4ca0241e3a82","name":".reloc","raw_size":"12800","virtua 
|_address":"364544" "virtual_size":"12744"}],"timestamp":"139226 
1458"},"signature_info":{"copyright":"Copyright © 2014 Tencent. 
All Rights Reserved.","description":"QQBrowserWeblnstaller", "file 
version":"7, 1, 1308, 400","internal 
name":"QQBrowserWeblnstaller","original 
name":"QQBrowserWebInstaller.exe","product":"QQBrowser 
Installer","x509":[{"algorithm":"sha1RSA","cert issuer":"Thawte 
Timestamping CA","name":"Symantec Time Stamping Services 
on - sen cena number":"7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 
4 06 F 
3B", "thumbprint":"6C07453FFDDA08B83707C09B82FB3D15F353 
36B1","valid from":"2012-12-21 00:00:00","valid to":"2020-12-30 
23:59:59","valid_usage":"Timestamp 
Signing"},{"algorithm":"sha1 RSA","cert issuer":"Symantec Time 
Stamping Services CA - G2","name":"Symantec Time Stamping 
Services Signer - G4","serial number":"OE CF F4 38 C8 FE BF 35 
6E 04 D8 6A 98 1B 1A 
50","thumbprint":"65439929B67973EB192D6FF243E6767ADF083 
4E4","valid from":"2012-10-18 00:00:00","valid to":"2020-12-29 
23:59:59","valid_usage":"ff"},{"algorithm":"sha1 RSA","name":"Veri 
Sign Class 3 Public Primary Certification Authority - G5","serial 
number":"25 OC E8 E0 30 61 2E 9F 2B 89 F7 05 4D 7C F8 
FD","thumbprint":"32F30882622B87CF8856C63DB873DF0853B4 
DD27","valid from":"2006-1 1-08 00:00:00","valid to":"2021-11-07 
23:59: 59", "valid_usage":"Server Auth, Client Auth, Code Signing, 
608648018618420401, 
60864801 86845010801 "},{"algorithm":"sha1RSA","cert 
issuer":"VeriSign Class 3 Code Signing 2010 
CA","name":"Tencent Technology(Shenzhen) Company 
Limited","serial number":"71 70 BD 93 CF 3F 18 9A E6 45 2B 51 
4C 49 34 
0E","thumbprint":"2F-DD445591 CD2EEDBEF8B8A281896A59C08 
B3DC9","valid from":"2013-01-17 00:00:00","valid to":"2016-02-16 
23:59:59","valid_usage":"Code 
Signing"}]},"ssdeep":"3072:8A9BLIYm1sUM/oJeNtqxnCBEWILeAO 
TIFQctVArxhY2m3+z4pT GH2BBUS9yBXJu:8gakNOxC+Le9IcEXiy 
qP|5u","trid":[{"file_type":"Win32 Executable MS Visual C++ 
(generic)","probability":47.3},{"file_type":"Win64 Executable 
(generic)","probability":15.9},{"file_type":"Win16 NE executable 
(generic)","probability":10.6},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":9.9},{"file_type":"Win32 Executable 
(generic)","probability":6.8}]},"id":"e4030770c5d667 1c5e4b57cb21 
€99e22407b25e0077f5ddca494561c6c3703bc","links":{"self":"http 
s://www.virustotal.com/api/v3/files/e4030770c5d667 1c5e4b57cb2 
1e99e22407b25e0077f5ddca494561c6c3703bc"},"type":"file"} 
{"attributes":{"creation_date":"1378740707","first_submission_date 
":"1617945542","last_analysis_date":"1617945542","last_analysis 
_results":{"Bkav":{"category 
":"malicious","engine_name":"Bkav","e 
ngine_update":"20210408","engine_version":"1.3.0.9899","method 
""blacklist","result":"W32.AlDetect.malware1"},"Elastic":{"category 
""malicious","engine_name":"Elastic","engine_update":"20210407 
""engine_| version":"4.0. 19","method": “blacklist”, "result":"malicious 
(high confidence)"}, "MicroWorld- 
eScan" -{" ‘category":"malicious","engine_name":"MicroWorld- 
eScan","engine_update":"20210409","engine_version":"14.0.409.0 
: "method": "blacklist","result":"Trojan.Ppatre.Gen.1"},"FireEye":{"c 
ategory": "malicious", "engine_name":"FireEye","engine_update":"2 
0210409" "engine_version":"32.44.1 .0","method":"blacklist","result 
""Generic.mg.9d5184ddfc073d9c"},"CAT- 
QuickHeal":{"category":"malicious","engine_name":"CAT- 
QuickHeal", "engine_update":"20210409","engine_version":"14.00" 
,"method":"blacklist", "result": "Trojan. Mauvaise. SL1 "\."McAfee":{"c 
ategory": "undetected","engine_name":"McAfee","engine_update":" 
2021 0409" "engine version":"6.0.6. Gdaie "method": "blacklist"},"Cyl 
ance":{"category":"malicious","engine_name":"Cylance","engine_u 
pdate":"20210409","engine_version":"2.3.1.101","method":"blackli 
st","result":"Unsafe"},"VIPRE":{"category":"undetected","engine_n 
ame":"VIPRE","engine_update":"20210409","engine_version":"916 
96","methoa": "blacklist’t, "K7AntiVirus": {"category":"malicious","en 
gine_name":"K7AntiVirus","engine_update":"20210408", "engine Vv 
ersion":"11.1 75.36874","method":"blacklist","result":"Trojan- 
Downloader ( 0050fef41 
)"}; "BitDefender": {"category":"malicious","engine_name":"BitDefen 
der","engine_update":"20210409" "engine_version":"7. 2","method" 
“'blacklist","result":"Trojan.Ppatre.Gen.1 " "K7GW": "category": "m 
alicious","engine_name":"K7GW","engine_update":"20210409","e 
ngine_version":"11.1 75.36876","method""blacklist”,"result":"Troja 
n-Downloader ( 004eadfb1 
)"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdSt 
rike","engine_update":"20210203", "engine version":"1.0","method 
""blacklist","result":"win/malicious_| confidence 100% 
(D)"},"BitDefenderTheta":{"category":"malicious","engine_name": 
BitDefenderTheta","engine_update":"2021 0402", ,"engine_version": 
"7.2.37796.0","method":"blacklist", "result":"Gen:NN.Zexae.34670. 
amX@aqidP@c"t, "Cyren":{"category":"undetected","engine_name 
""Cyren","engine_update":"20210409" “"engine_version"."6.3.0.2", 
"method" "blacklist"},"SymantecMobilelnsight":{"category":"type- 
unsupported","engine_name":"SymantecMobilelnsight","engine_u 
pdate":"20210126" ,"engine_| version": r20p "method": “blacklist’}, AS) 
ymantec":{"category":"malicious","engine_name":"Symantec","eng 
ine_update":"2021 0409","engine_version":"1 14.0.0%."method":"bla 
cklist","result":"ML.Attribute. HighConfidence"}, "ESET- 
NOD32": {"category":"malicious","engine_name":"ESET- 
NOD32","engine_update":"2021 0409" ,"engine_version":"23103"," 
method":"blacklist","result":"Win32/TrojanDownloader.Small.PRL"} 
,"Baidu": "category": "malicious","engine_name":"Baidu","engine_u 
pdate": "20190318","engine_version":"1.0.0.2","method":"blacklist", 
"result":"Win32.Trojan- 
Downloader.Waski.k"},"APEX":{"category":"malicious","engine_na 
me":"APEX","engine_update":"20210404","engine_' version":"6.151 
""method":"blacklist","result":"Malicious"},"Avast":{"category":"und 
etected" s"engine_| name":"Avast" ,"engine_update":"20210409","en 
gine_version":"21.1.5827.0","method":"blacklist"},"ClamAV":{"cate 
gory":"malicious","engine_|! name":"ClamAV" ,"engine_update":"202 
10408","engine_version":"0.103.2.0","method":"blacklist","result":" 
Win. Downloader. Ppatre-7131839- 
0"},"Kaspersky":{"category":"undetected","engine_name":"Kaspers 
ky","engine_update":"20210409","engine_version":"21.0.1.45","me 
thod":"blacklist"},"Alibaba":{"category":"undetected","engine_name 
""Alibaba","engine_update":"20190527","engine_version":"0.3.0.5 
""method":"blacklist"},"NANO- 
Antivirus" {"category": "malicious","engine_name":"NANO- 
Antivirus", “engine_update": "2021 0409","engine_version":"1 0.146. 
Eyre). "method": ‘blacklist","result":"Trojan.Win32.DownLoad3.cje 
rhf"},"ViRobot":{"category": "undetected" ,"engine_name":"ViRobot", 
"engine_update":"20210408","engine_version":"2014.3.20.0","met 
hod":"blacklist"},"AegisLab":{"category":"undetected","engine_nam 
e":"AegisLab","engine_update":"20210409","engine_version":"4.2" 
,"method":"blacklist"},"Rising":{"category":"undetected","engine_na 
me":"Rising","engine_update":"20210409","engine_version":"25.0. 
0.26","method": "blacklist’}, "Ad- 
Aware":{"category":"malicious","engine_name":"Ad- 
Aware","engine_update": "20210409", "engine_version":"3.0.16.117 
""method":"blacklist","result":"Trojan.Ppatre.Gen.1"},"Trustlook":{" 
category":"type- 
unsupported","engine_name":"Trustlook","engine_update":"20210 
409","engine_version":"1.0","method":"blacklist"},"TACHYON":{"ca 
tegory":"undetected","engine_name":"TACHYON","engine_update 
":"20210409","engine_version":"2021 -04- 
09.01","method":"blacklist"},"Sophos":{"category":"undetected","en 
gine_ name": "Sophos","engine_update": "20210409","engine_versi 
OnwleOr2On: "method" "placklist"},"Comodo":{"category":"malicious 
""engine_| name":""Comodo" ,"engine_update":"20210408","engine_ 
version":"33421","method":"blacklist","result":"TrojWare.Win32.Tro 
janDownloader. Upatre. ACC@b6yhj i3"}, "F- 
Secure":{"category": "undetected”: ,"engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
2","method":"blacklist"},"DrWeb":{"category":"undetected","engine 
“name”: "DrWeb","engine_update":"20210409","engine_' version":" 
@ 0.49.9080","method":"blacklist"},"Zillya":{"category":"undetected" 
,"engine_| name": "Zillya","engine_update":"20210408","engine_ver 
sion”:"2.0.0.4336","method":"blacklist"},"TrendMicro":{"category":" 
malicious","engine_name":"TrendMicro","engine_update":"202103 
30","engine_version":"11.0.0.1006","method":"blacklist","result":"T 
ROJ_DLOADER.SM3"},"McAfee-GW- 
Edition": "category": "undetected","engine_name":"McAfee-GW- 
Edition","engine_update":"20210409","engine_version":"v2019.1.2 
+3728", "method": "blacklist"},"Trapmine":{"category":"type- 
unsupported", "engine_name":"Trapmine","engine_update":"20200 
eta "engine_| version": "3. 50023 "method": “blacklist’}, "CMC":{" 
category":"undetected","engine_name":"CMC","engine_update":"2 
0210327","engine_' version":"2.10.2019. ale "method": "blacklist"},"E 
msisoft":{"category":"malicious","engine_| name": "Emsisoft","engine 
_update":"20210409","engine_version":"2018.12.0.1641", "method" 
"blacklist","result": "Trojan. Ppatre. Gen.1 
(B)"}, "SentinelOne" :{"category":"malicious","engine_name":"Sentin 
elOne","engine_update":"20210215" "engine. version":"5.0.0.20"," 
method":"blacklist","result":"Static Al - Malicious PE"},"Avast- 
Mobile":{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210408","engine_version":"210408- 
02","method":"blacklist"},"Jiangmin" {"category":"undetected","engi 
ne_name":"Jiangmin","engine_update":"20210408","engine_versio 
n":"16.0.100", "method": "blacklist'}, "Webroot": "category": "undetect 
ed" ,"engine_name":"Webroot","engine_update":"20210409","engin 
eo version": "4.0.0.403", "method": "placklist"},"Avira":{"category":"m 
alicious",' ‘engine_ name":"Avira","engine_| update": "20210409","eng 
ine version’ '"8.3.3.12","method":"blacklist","result": "TR/ATRAPS. 
Gen"},"Antiy-AVL": "category": "malicious" ,"engine_name":"Antiy- 
AVL","engine_update":"20210409","engine_version":"3.0.0.1","met 
hod":"blacklist","result":"Trojan[Downloader]/Win32.AGeneric’},"Ki 
ngsoft":{"category": "undetected”,"engine_name":"Kingsoft","engin 
e_update":"20210409","engine_version":"2017.9.26.565","method" 
"blacklist"},"Microsoft":{"category": "undetected" "engine_| name": 
Microsoft","engine_update":"20210408","engine__ version". "1.1.180 
00.5","method":"blacklist’ 3 "Gridinsoft":{"category":"undetected","e 
ngine_name":"Gridinsoft","engine_update":"20210409","engine_ve 
rsion"="1.0.36.127","method": "placklist"},"Arcabit":{"category":"mali 
cious","engine__ name": "Arcabit","engine_update":"20210409","engi 
ne version": "4.0.0.881", "method": "blacklist", "result": "Trojan. Ppatre 
.Gen.1"}, "SUPERAntiSpyware": {"category":"malicious","engine_na 
me":"SUPERAntiSpyware","engine_update":"2021 0402" "engine_ 
version":"5.6.0.1032","method":"blacklist","result":"Trojan.Agent/G 
en- 
Downloader"},"ZoneAlarm":{"category":"undetected","engine_nam 
e":"ZoneAlarm","engine_update":"20210409","engine_version":"1. 
O” "method": "blacklist", "GData":{"category": "undetected", "engine_ 
name":"GData" ,"engine_update":"20210409" "engine _' version":"A: 
25.29269B:27.22591","method":"blacklist"},"Cynet":{"category":"m 
alicious","engine_| name": "Cynet","engine_update":"20210409","en 
gine_version":"4.0.0.27", "aiethod: "blacklist","result": "Malicious 
(score: 100)"}, "BitDefenderFalx" :{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update": 
20200916" "engine version":"2.0.936", "method": “blacklist"}, "AhnL 
ab-V3":{"category":"malicious" “engine_name":"AhnLab- 
V3","engine_update":"20210409","engine_version":"3.19.7.10132" 
,"method":"blacklist","result":"Trojan/Win32.Zbot.R83549"},"Acroni 
s":{"category": "malicious", "engine_name":"Acronis","engine_updat 
e":"20210211" "engine version":"1.1.1 81", "method": "blacklist", "re 
sult" "suspicious"},"VBA32":{"category": "malicious"," ‘engine_name" 
:"VBA32","engine_update":"2021 0408","engine_version":"5.0.0"," 
method":"blacklist","result":"BScope. Trojan. Downloader"},"ALYac": 
{"category":"malicious","engine_name":"ALYac","engine_update":" 
20210409","engine_version":"1.1.3.1","method": “blacklist”, result” 
"Trojan.Ppatre.Gen.1"},"MAX": {"category": "malicious","engine_na 
me":"MAX","engine_update":"20210409","engine_' version":"2019.9 
alkeell "method": "placklist","result": "malware (ai 
score\u003d88)"},"Malwarebytes" :{"category":"malicious","engine_ 
name"."Malwarebytes","engine_update": "20210407" "engine_versi 
on":"4.2.1.18","method":"blacklist","result":"Upatre. Trojan. Downloa 
der.DDS"}, "Panda": {"category": "malicious","engine_name":"Panda 
""engine_| update": "20210408","engine_version":"4.6.4.2","method 
""blacklist","result": "Tr/Genetic. gen"},"Zoner":{"category":"undetec 
ted" engine. name":"Zoner","engine_update":"20210408","engine 
_version":"0.0.0.0", "method": "blacklist"},"TrendMicro- 
HouseCall": {' ‘category":"malicious","engine_name":"TrendMicro- 
HouseCall","engine_update":"20210409","engine_version":"10.0.0 
.1040","method":"blacklist","result":"TROJ_- DLOADER.SM3"},"Ten 
cent":{"category": "malicious", "engine_name":"Tencent","engine_u 
pdate”: "20210409","engine_version":"1.0.0.1", "method": "blacklist", 
"result":"Malware.Win32.Gencirc.10b0cd7a"}, "Yandex" :{"category" 
:"malicious","engine_name":"Yandex","engine_update":"20210408 
: ,"engine_version":"5.5.2.24", "method": "placklist","result":"Trojan. 
GenAsa!xjw/xZS1BKE"}, "Ikarus": {"category": "malicious", "engine_n 
ame":"Ikarus","engine__ update": "20210408","engine_ version":"0.1. 
5.2","method":"blacklist","result":"Trojan- 
Downloader.Win32. Upatre"}, "eGambit":{"category":"undetected"," 
engine_name":"eGambit" "engine_| update": "2021 0409", "method": 2 
blacklist"},"Fortinet":{"category":"malicious","engine_name":"Fortin 
et","engine_update":"20210409","engine | version":"6.2.142. 0","me 
thod": "blacklist","result":"W32/Tiny.NIV!tr"},"MaxSecure": {"categor 
y":"malicious","engine_name":"MaxSecure","engine_update":"202 
10409","engine_version":"1.0.0.1","method":"blacklist","result":"Tro 
jan.Upatre.Gen'},"AVG"{"category":"malicious","engine_name":"A 
VG","engine_update":"20210409","engine_version":"21.1.5827.0", 
"method":"blacklist","result":"Win32:Downloader-WID 
[Trj]"},"Cybereason":{"category":"malicious","engine_name":"Cybe 
reason","engine_update":"2021 0330","engine_version"."1 .2.449"," 
method":"blacklist","result":"malicious.dfcO73"},"Paloalto":{"categor 
y":"undetected","engine_name":"Paloalto","engine_update":"2021 
$409", "engine_ version"""1, 0", "method":"blacklist"}, sale: 
360":{"category":"malicious","engine_name":"Qiho 
360","engine_update": "20210409", "engine _' version’ el OLORa20er 
method": "blacklist","result": "HEUR/QVM20.1.76E2.Malware. Gen"} 
},"last_analysis_stats":{"confirmed- 
timeout":0,"failure":0,"harmless":0,"malicious":43,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":26},"last_modification_date":"161803 
5915","last_: submission | date":"1617945542","md5":"9d51 84ddfcO 
73d9c556a7220a1017e4b","meaningful_name":"kgfdfjdk.exe","na 
mes" ["kgfdfjdk.exe"],"reputation":"0","sha1":"2eadb1 32709715543 
01 76473c6e7d4c07¢4b8987","sha256":"668493ea5a263986d4216 
96f809f43e9cee7b6551 92248d1 863c765e259b64a7","size":"1028 
8","tags":["checks-network-adapters","peexe","runtime- 
modules","direct-cpu-clock- 
access","overlay"],"times_submitted":"1","total_votes":{"harmless": 
"0","malicious":"0"},"type_description":"Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"01403655 
151bzfhz13z11z8bz","authentihash":"fe91Ocf7418ba8e3e2ac2dcb 
88966f9a70c856ab3f3897b3f23664 1 affcf2609","magic":"PE32 
executable for MS Windows (GUI) Intel 80386 32- 
bit","pe_info":{"entry_point":"4096","imphash":"d0b82851 84365a8 
38ba341412ef57766" ,"import_list": [{"imported_ functions" :["ShellExe 
cuteW"],"library_name":"SHELL32.dll"},{"imported_functions":["He 
apAlloc","CreateFileW","GetCurrentDirectoryW","HeapCreate","Ge 
tFileSize","GetModuleFileNameW","WriteFile","ReadFile","GetMod 
uleHandleW","GetTempPathW","ExitProcess","CloseHandle","Del 
eteFileW","IstrcmpW","IstrlenW"],"library_name":"KERNEL32.dll"},{ 
"imported_functions":["HttpQueryInfoW","InternetQueryOptionW"," 
InternetConnectW","InternetReadFile","InternetSetOptionW'","Http 
SendRequestW","InternetOpenW","HttpOpenRequestW'"J,"library_ 
name":"WININET.dIl"},{"imported_functions":["wsprintfW"], "library 
name":"USER32.dll"}],"machine_type":"332","overlay":{"chi2": 437 
35.1875,"entropy":3.406376838684082,"filetype":"ASCII 
text","md5":"582bee347de3ae0457d85a04b2f5e6d7", "offset":"409 
6","size":"6192"},"sections":[{"chi2":13830.0,"entropy":5.45,"flags": 
"rx","md5":"7ca7e4cb9fa3a7b1 2c61b1f20a556d72","name":".text", 
"raw_size":"1024","virtual_address":"4096","virtual_size":"939"},{"c 
hi2":137705.44,"entropy":3.27,"flags":"r","md5":"35908f153b6555a 
f9cb665f2c6d005c6", "name":".rdata", "raw! size":"1536","virtual_ad 
dress":"8192","virtual_size":"1032"} {"chi2":89665.0,"entropy":1.44, 
"flags":"r","md5":"eafe4cc2e09f8977ce7dc1fb3a78855c","name":". 
reloc","raw_size":"512","virtual_address":"12288","virtual_size":"5 
6"}],"timestamp":"1378740707","ssdeep":"192:IHEwFITSYHSYHh 
L3k5G3gipDZVsrhUWw5MiIlwFITIhY5GwiplVsrhU55M","trid":[{"file 
_type":"Win32 Dynamic Link Library 
(generic)","probability":29.6},{"file_type":"Win16 NE executable 
(generic)","probability":22.7},{"file_type":"Win32 Executable 
(generic)", "probability": 20.3},{"file_1 type"."OS/2 Executable 
(generic)","probability":9.1},{"file_type":"Generic Win/DOS 
Executable", "probability":9.0}]},"id":"668493ea5a263986d4 216968 
09f43e9cee7b655 1 92248d 1863c765e259b64a7", "links": {"self":"htt 
ps://www.virustotal.com/api/v3/files/668493ea5a263986d4 216968 
09f43e9cee7b6551 92248d 1 863c765e259b64a7"},"type":"file"} 
{"attributes":{"creation_date":"1528982866","first_submission_date 
""1614750353","last_analysis_date":"1615432050","last_analysis 
_results":{"Bkav":{"category":"undetected","engine_name":"Bkav"," 
engine _ update": "20210310" "engine _| version": ll 23:019899 "metho 
ol? ‘blacklist’},’ 'Elastic":{"category":"undetected","engine_| name":"El 
astic","engine_update":"2021021 7","engine_version":"4.0.17","met 
hod": "blacklist", "MicroWorld- 
eScan" -{"category": "undetected","engine_name":"MicroWorld- 
eScan","engine_update": "20210311", “engine_ version": "14. 0.409.0 
y "method": "blacklist"},"FireEye":{"category":"malicious","engine_n 
ame": "FireEye","engine_update":"20210311","engine_ version":"32 
.44.1.0","method":"blacklist","result":"Generic.mg.c69aa5ec5e89e 
4d3"}, ‘CAT 
QuickHeal": {"category": undetected","engine_name":"CAT- 
QuickHeal","engine_update":"20210310","engine_version":"14.00" 
,"method":"blacklist"},"McAfee":{"category":"malicious","engine_na 
me": "McAfee","engine_update":"20210311" ,"engine_version":"6.0. 
6.653","method":"blacklist","result": "Artemis!C69AAS5EC5E89"},"C 
ylance":{"category": "undetected", "engine_name":"Cylance","engin 
https://www.virustotal.com/gui/file/a4d413cab72b17f19a26ea2281d6c896aabd25e4e63dc0fc826ec2b1f8c2b46c


File Summary

Names: Installer_recuva.exe
File Type: peexe
File Type Description: Win32 EXE
Tags: malware, runtime-modules, direct-cpu-clock-access, peexe, overlay
Times Submitted: 1


TrID - file type identification tool

File Type                               Probability %
Windows Control Panel Item (generic)    69.3
InstallShield setup                     15.1
Win32 Executable Delphi generic         4.9
Win64 Executable (generic)              3.7
Win32 Dynamic Link Library (generic)    2.3


VirusTotal Analysis Summary
Aggregate Result: undetected - 48 / 75

VirusTotal Analysis Stats

Analysis Type        Number of Analyses
Confirmed Timeout    0
Failure              0
Harmless             0
Malicious            22
Suspicious           0
Timeout              0
Type Unsupported     5
Undetected           48
Total                75


Community Votes 
Total votes cast: 0 


Incoming (1)
IPv4 Address 1.198.5.220


VirusTotal File
maltego.virustotal.File

cobaltstrike_shellcode.exe

Weight: 0
MeaningfulName: cobaltstrike_shellcode.exe
File Id: 5dc0eb68a99e4b945641b33fcca2c4ad3b3f67179006d2a974a605ced2483894
Names: cobaltstrike_shellcode.exe
File Type: PEEXE
File Type Description: Win32 EXE
MD5: c8bb2b53a5b759d6d6b7202f9b735f63
SHA-1: 5e812be14f933f8a10eb9a78c1bd4853fae1505e
SHA-256: 5dc0eb68a99e4b945641b33fcca2c4ad3b3f67179006d2a974a605ced2483894
Vhash: 0250875d151c0d1d1d1ie7az1aic=z
Authentihash: 7670a7583c0d0983228f3e816d4249bc0353aafa6270272289133341742569f7
SSDEEP: 6144:CiuBnsECOPv8CAB0060+bpouy+7ntv4TpQXOnhETk:EsECIGOOENto+7tv4TpK2hJ
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File Size: 229376
Tags: peexe, direct-cpu-clock-access, checks-network-adapters, long-sleeps, runtime-modules
Capability Tags / Downloadable: null
Creation Date: 2018-03-22T20:35Z
First Submission Date: 2021-04-10T10:05:43Z
Last Submission Date: 2021-04-10T10:05:43Z
Last Analysis Date: 2021-04-12T01:30:43Z
Total Votes - Harmless / Total Votes - Malicious / Submissions / Reputation: - Oo Oo


Vifile 


Crypt.ccnc"},"Paloalto":{"category":"undetected","engine_name": 
Paloalto","engine_update":"20210410", "engine_version": "1.0","me 
thod": "blacklist"}, "AegisLab": "category": "undetected","engine_na 
me":"AegisLab","engine_update":"20210410","engine_version":"4. 
2","method": "blacklist'}, "Rising":{"category": "malicious","engine_n 
ame": 'Rising","engine_update":"20210410","engine_version":"25. 
0.0.26","method": "blacklist", "result":"Malware.HeuristiclET#H1 00% 
(RDMK:cmRtazqJVMxXXsd77aSAGgL9JPXU)"},"Ad- 
Aware":{"category":"malicious","engine_name":"Ad- 
Aware","engine_update":"20210410","engine_version":"3.0.16.117 
""method":"blacklist","result":"Trojan.Agent. DDSN"},"Trustlook":{"c 
ategory":"type- 
unsupported","engine_name":"Trustlook","engine_update"."2021 0 
410","engine_version":"1.0","method":"blacklist"},"Emsisoft":{"cate 
gory": "malicious","engine_ name": "Emsisoft","engine_update":"202 
10410","engine_version":"2018.12.0.1641", "method": "blacklist","re 
sult": "Trojan. Agent. DDSN 
(B )"},"Comodo":{"category":"malicious","engine_name":"Comodo", 
"engine_update":"20210410","engine_ version":"33425","method":" 
blacklist","result":"TrojWare. Win32. Kryptik. BYGK@59plie7"}, "F- 
Secure" "category": "undetected","engine_name":"F- 
Secure","engine_update":"20210331","engine_version":"12.0.86.5 
ae "method": "placklist"},"Baidu":{"category":"undetected","engine_ 
name":"Baidu" ,"engine_update":"20190318" "engine_| version": 0) 
.0.2","method":"blacklist"},"VIPRE":{"category":"undetected","engin 
e_name":"VIPRE","engine_update":"20210410","engine_ version”: . 
91726","method":"blacklist"},"TrendMicro":{"category":"malicious", 
engine_name":"TrendMicro","engine_update":"20210330" engine 
_version":"11.0.0.1006","method":"blacklist","result":"Trojan.Win32 
.COBALT.SM.hp"}, "McAfee-GW- 
Edition":{"category":"malicious","engine_name":"McAfee-GW- 
Edition","engine_update":"20210410","engine_version":"v2019.1.2 
+3728", "method": "blacklist","result" "BehavesLike.Win32.Generic. 
de"},"Trapmine":{"category":"type- 
unsupported","engine_name":"Trapmine","engine_update":"20200 
727","engine_version":"3.5.0.1023" ."method":"blacklist"},"CMC"{" 
category”: "undetected","engine_name":"CMC","engine_update":"2 
0210327","engine_version":"2.10.2019.1","method":"blacklist"},"So 
phos":{"category":"malicious","engine_| name": "Sophos","engine_u 
pdate":"20210410","engine_version":"1.0.2.0","method":"blacklist", 
"result":"ML/PE-A + ATK/Cobalt- 
AH"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engi 
ne_update":"20210410","engine_' version”:"0.1.5. 2","method": "blac 
klist","result":"Trojan.Win32.Swrort"},"Avast- 
Mobile"{"category":"type-unsupported","engine_name":"Avast- 
Mobile","engine_update":"20210410","engine_version":"210410- 
00", "method": "placklist"},"Jiangmin": "category": "malicious","engin 
e_name":"Jiangmin","engine_update":"20210409","engine_version 
""16.0.100","method":"blacklist","result":"Trojan. Cometer. ayd"},"W 
ebroot":{"category":"undetected","engine_name":"Webroot","engin 
e_update":"20210410","engine__ version":"1.0.0. 403", "method":"bla 
cklist"},"Avira":{"category":"malicious","engine_name":"Avira","engi 
ne_update":"20210410","engine_version":"8.3.3.12","method":"bla 
cklist","result":"TR/Crypt.XPACK.Gen"},"MAX": "category": "malicio 
us", "engine. name":"MAX","engine_update":"20210410","engine_v 
ersion":"2019.9.16.1","method":"blacklist","result":"malware (ai 
score\u003d84)"}, "Antiy- 
AVL":{"category":"undetected","engine_name":"Antiy- 
AVL","engine_update":"20210410","engine_version":"3.0.0.1","met 
hod":"blacklist"},"Kingsoft":{"category":"undetected","engine_name 
""Kingsoft","engine_update":"20210410","engine_version":"2017. 
9.26.565","method":"blacklist"},"Gridinsoft":{"category":"malicious", 
"engine_name":"Gridinsoft","engine_update":"20210410","engine_ 
version":"1.0.37.128","method":"blacklist","result":"Trojan.Win32.A 
gent.vb!s1"},"Microsoft":{"category":"malicious","engine_name":"Mi 
crosoft","engine_update":"20210410","engine_version":"1.1.18000 
5","method":"blacklist","result":"HackTool:Win32/CobaltStrike.A"}, 
"iRobot": {"category": "undetected" ,"engine_name":"ViRobot","eng 
ine_update":"20210409","engine_version": "2014. 32 010n "method": 
"blacklist"},"ZoneAlarm":{"category":"malicious","engine_name":"Z 
oneAlarm","engine_update":"20210410", "engine. version":"1.0","m 
ethoa": "blacklist", “result”: "HEUR: ‘Trojan. Win32. CobaltStrike. gen"), 
"GData": {"category": "malicious","engine_name":"GData","engine_ 
update":"20210410","engine_| version":"A:25.29279B:27. 22603","m Hi 


update":"20210410","engine_version":"A:25.29279B:27.22603","m 
ethod":"blacklist","result":"Win32.Trojan.Mexec.B"},"Cynet":{"categ 
ory":"malicious","engine_name":"Cynet","engine_update":"202104 
10","engine_version":"4.0.0.27","method":"blacklist","result":"Malici 
ous (score: 100)"},"BitDefenderFalx":{"category":"type- 
unsupported","engine_name":"BitDefenderFalx","engine_update 
20200916","engine_ version":"2.0.936","method":"blacklist"},"AhnL 
ab-V3":{"category":"malicious","engine_name":"AhnLab- 
V3","engine_update":"20210410","engine_version":"3.19.7.10132" 
,"method":"blacklist","result":"Trojan/Win32.CobaltStrike.C418327 
0"},"Acronis":{"category":"undetected","engine_name":"Acronis","e 
ngine_update":"20210211" ,"engine_| version": Piedalesdie "method":" 
blacklist"},"VBA32":{"category":"malicious","engine_| name":"VBA3 
2","engine_update":"20210409","engine_' version":"5.0. 0","method" 
“blacklist”, "result":"Trojan. CobaltStrike"}, "ALYac": {"category": "mali 
cious","engine_name":"ALYac","engine_update":"20210410","engi 
ne version": "4.1.3.1","method":"blacklist", "result": "Trojan. Agent. D 
DSN"},"TACHYON": "category": "malicious","engine_name":"TACH 
YON","engine_update":"20210410", "engine. version":"2021 -04- 

1 0.02","method":"blacklist","result":"Trojan/W32. Agent.229376. BG 
R"},"Malwarebytes":{"category":"malicious","engine_name":"Malw 
arebytes","engine_update":"20210410","engine_version":"4.2.1.18 
"method": "placklist","result":"Generic. Trojan.Malicious.DDS"},"Zo 
ner":{"category":"malicious","engine_name":"Zoner","engine_upda 
te":"20210409","engine_version":"0.0.0.0","method":"blacklist", tee 
ult":"Trojan.Win32.69381"},"TrendMicro- 

HouseCall": f ‘category":"malicious","engine_name":"TrendMicro- 
HouseCall","engine_| update"."2021 0410","engine_version":"10.0.0 
‘il 040","method": “blacklist","result":"Trojan.Win32.COBALT.SM.hp 
"\."Tencent":{"category":"undetected","engine_name":"Tencent","e 
ngine_update":"20210410","engine_version":"1.0.0.1","method":"bl 
acklist"},"Yandex":{"category":"malicious","engine_name":"Yandex 
","engine_update": "20210409" ,"engine_version":"5.5.2.24","metho 
d":"blacklist","result":" Trojan.GenAsa!zvVdoDjE9iw"},"SentinelOne 
mat 'category": "malicious"," "\"engine_u 


, engine_name":"SentinelOne 
pdate":"20210215","engine_version":"5.0.0.20", "method":"blacklist 
""result":"Static Al - Malicious 

PE", "eGambit":{"category":"undetected","engine_name":"eGambit 
""engine_update":"20210410","method": “blacklist’}, "Fortinet":{"cat 
egory":"malicious","engine_name":"Fortinet","engine_update":"202 
10410", "engine_version":"6.2.142.0","method":"blacklist","result”:" 
W32/Rozena.WZ!tr"},"AVG":{"category":"malicious","engine_name 
""AVG","engine_update":"20210410","engine_version":"21.1.5827 
.O","method":"blacklist", “result”: "Win32: HacktoolxX- -gen 

[Tr}"}, "Panda" "category": "undetected","engine_name":"Panda", 
engine_update":"20210410","engine_ version":"4.6.4. ou "method":" 
blacklist"},"MaxSecure":{"category":"undetected", "engine name":" 
MaxSecure","engine_update":"20210409", "engine_ version":"1.0.0. 
1","method": "blacklist"}}, "last _analysis_ stats":{"confirmed- 
timeout":0,"failure" :0,"harmless":0,"malicious":50,"suspicious":0,"ti 
meout":0,"type- 
unsupported":5,"undetected":19},"last_modification_date":"161819 
1043","last_: submission | date":"1618049143","md5":"c8bb2b53a5b 
759d6d6b7202f9b735f63","meaningful_name":"cobaltstrike_shellc 
ode.exe","names": ["cobaltstrike_ shellcode.exe","reputation":"0","s 
ha1":"5e812be1 4f933f8a10eb9a78cfbd4853fae1 505e""shao56:" 
5dc0eb68a99e4b945641 b33fcca2cd4ad3b3t671 79006d2a974a605 
ced2483894","size":"229376","tags": ‘[" peexe","direct-cpu-clock- 
access","checks-network- -adapters"," ‘long- sleeps", "runtime- 
modules", "times _submitted":"1","total_votes":{"harmless":"0","mali 
cious":"0"},"type_ description”: "Win32 
EXE","type_tag":"peexe","unique_sources":"1","vhash":"0250875d 
151cOd1d1die7aztat c\u003dz", "guthentihash":"7670a7583c0d09 
83228f3e8 1 6d4249bc0353aafa6270272289133341 742569f7","ma 
gic":"PE32 executable for MS Windows (GUI) Intel 80386 32- 
bit","pe_info":{"entry_point":"36864","imphash":"829da329ce1 40d8 
73b4a8bde2cbfaa7e","import_list":[{"imported_functions":["GetLas 
tError","EnterCriticalSection","LoadLibraryW","FreeLibrary","Query 
PerformanceCounter","GetTickCount","VirtualProtect","LoadLibrar 
yA","DeleteCriticalSection","GetCurrentProcess","GetCurrentProc 
essld","UnhandledExceptionFilter","GetProcAddress","Create Thre 
ad" ,"GetModuleHandleA","SetUnhandledExceptionFilter" ,"GetStar 
tupInfoA","GetSystemTimeAsFileTime","TerminateProcess", "Initial 
izeCriticalSection","VirtualQuery","TlsGetValue", "Sleep", "GetCurre 
ntThreadld", "VirtualAlloc", "LeaveCriticalSection"]," ‘library_name": Bu 
KERNEL32.dll"}, {"imported | functions":["strncmp","__Iconv_init","m 
alloc","___dllonexit","_cexit","abort","fprintf","_ fmode","_amsg_ exit", 
"write," lOCKune onexit", "_initenv","exit","__ setusermatherr","_ac 


View on VirusTotal 
GUI Url: 


"fwrite"," lock","_onexit","__initenv","exit","__ setusermatherr", 
mdlin","_unlock","free" "viprintt", "__getmainargs","calloc", "strlen", 
winmajor",' "memcpy", "signal", "_initterm","_set_app type", ~ iob"], ee 
library_name": "msvert.dll"}],"machine_type":"332","sections"[{"chi 
2":89507.74,"entropy":5.83,"flags":"rx","md5": "Obc7c2f2db333e57 
78e909890d9e8894", "name":".text", "raw_size":"71 68","virtual_add 
ress":"4096", "virtual | size”: "6852"}, chia": 188014.75 “entropy”: end 
6,"flags":"rw","md5":"9d60a3432aa5'4951049c77a5dc197bb","na 
me":" data", "raw _size":"2048","virtual_address":"12288", "virtual si 
ze":"1572"},{"chi2":37294.0,"entropy":4.23, "flags":"r","md5":"77eb2 
142360efdb/76ccae3251 d953fba", “name":" data", "raw size":"102 
4","virtual_address"."1 6384", "virtual_size":"720"},{"chi2":- 
1.0,"entropy":0.0,"flags":"rw","md5":"d41d8cd98t00b204e9800998 
ecf8427e", "name":".bss", "raw size":"0","virtual_address":"20480"," 
virtual | size": mlOS2z}: {"chi2": 110707.0 "entropy" "-4.13,"flags":"rw"," 
md5":"0909722b9548232686dca098f1 77bfc9","name":".idata", "ra 
w_size":"2048","virtual_address":"24576", "virtual | size": "1584", {aC} 
hi2":123016.0,"entropy":0.27,"flags":"rw","md5":"0c2ac70a2303ea 
6ede11571 8b8aca665", "name":" .CRT", "raw size":"512","virtual_a 
ddress":"28672","virtual_size":"52"} {"chi2":124501.0 "entropy": 0.2 
2,"flags":"rw", "md5":"fbb2te55a2d41a7ed1460a1 8df87b605", "nam 
en" .tls","raw_size":"512","virtual_address":"32768","virtual_size":" 
32"), {"chi2": 11157.32, "entropy": 7.97,"flags":"rwx", "md5":"5127b0a 
328651 000879cafc52448c39e","name":".qctj", "raw size":"215040" 
"virtual_address":"36864","virtual_size":"21 4800"}],"timestamp":"1 
521750900"},"ssdeep":"6144:CiuBnsECOPv8CAB0060+bpouy+7 
ntv4TpQXOnhETk:EsECIGOO6Nto+7tv4TpK2hJ","trid":[{"file_type 
""Win32 Executable MS Visual C++ 
(generic)","probability":38.7},{"file_type":"Microsoft Visual C++ 
compiled executable 
(generic)","probability":20.5},{"file_type":"Win64 Executable 
(generic)","probability":13.0},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":8.1},{"file_type":"Win16 NE 
executable 
(generic)","probability":6.2}]},"id":"5dc0eb68a99e4b945641 b33fcca 
2c4ad3b3f67179006d2a974a605ced2483894","links":{"self":"https 
://www.virustotal.com/api/v3/files/5dc0eb68a99e4b945641 b33fcca 
2c4ad3b3f67179006d2a974a605ced2483894"},"type":"file"} 


_ac 


https://www. virustotal.com/gui/file/SdcOeb68a99e4b945641 b33fcca2c4ad3b3f67 1 79006d2a974a605c 
cobaltstrike_shellcode.exe
peexe
Win32 EXE
peexe, direct-cpu-clock-access, checks-network-adapters, long-sleeps, runtime-modules
TrID - file type identification tool

File Type                                                Probability %
Win32 Executable MS Visual C++ (generic)                 38.7
Microsoft Visual C++ compiled executable (generic)       20.5
Win64 Executable (generic)                               13.0
Win32 Dynamic Link Library (generic)                      8.1
Win16 NE executable (generic)                             6.2
VirusTotal Analysis Summary
Aggregate Result: malicious - 50 / 74

VirusTotal Analysis Stats
Analysis Type       Number of Analyses
Confirmed Timeout   0
Failure             0
Harmless            0
Malicious           50
Suspicious          0
Timeout             0
Type Unsupported    5
Undetected          19
Total               74

Community Votes
Total votes cast: 0
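The summary above is derived from the file object's last_analysis_stats, and the per-engine block and pe_info hold the indicators a reviewer actually pivots on. The script below is an added example, not part of this report or of VirusTotal's tooling: it recomputes the "Aggregate Result" line (the denominator counts every engine asked, including failures and type-unsupported engines, which is why the second sample reads 57 / 75 rather than 57 / 70), cross-counts the per-engine categories, lists the engines whose detection name mentions Cobalt Strike, finds the section that holds the entry point, and flags writable+executable or near-random sections such as .qctj (entropy 7.97, rwx, entry point inside it), the usual shape of a self-decrypting shellcode stub. The input is a constructed, abbreviated copy of the first file object: hashes, stats, imphash and the two sections are the report's values, but last_analysis_results is cut to four engines, so recounting it will not reproduce 50 / 74 while the stats block does. Field names follow the VT API v3 file object as it appears on this page; numbers are accepted as strings or numbers because the report renders them as strings.

```python
"""Triage helpers for a VirusTotal API v3 file object (added example)."""
import json
from collections import Counter

# Constructed sample: values copied from the first file object in this report,
# with last_analysis_results shortened to four engines.
SAMPLE = json.loads(r'''
{"attributes": {
  "last_analysis_results": {
    "Microsoft": {"category": "malicious", "engine_name": "Microsoft", "result": "HackTool:Win32/CobaltStrike.A"},
    "Kaspersky": {"category": "malicious", "engine_name": "Kaspersky", "result": "HEUR:Trojan.Win32.CobaltStrike.gen"},
    "ClamAV": {"category": "undetected", "engine_name": "ClamAV"},
    "Trustlook": {"category": "type-unsupported", "engine_name": "Trustlook"}
  },
  "last_analysis_stats": {"confirmed-timeout": 0, "failure": 0, "harmless": 0, "malicious": 50,
                          "suspicious": 0, "timeout": 0, "type-unsupported": 5, "undetected": 19},
  "md5": "c8bb2b53a5b759d6d6b7202f9b735f63",
  "sha256": "5dc0eb68a99e4b945641b33fcca2c4ad3b3f67179006d2a974a605ced2483894",
  "size": "229376",
  "pe_info": {
    "entry_point": "36864",
    "imphash": "829da329ce140d873b4a8bde2cbfaa7e",
    "sections": [
      {"name": ".text", "flags": "rx",  "entropy": 5.83, "virtual_address": "4096",  "virtual_size": "6852",   "raw_size": "7168"},
      {"name": ".qctj", "flags": "rwx", "entropy": 7.97, "virtual_address": "36864", "virtual_size": "214800", "raw_size": "215040"}
    ]}
 }, "id": "5dc0eb68a99e4b945641b33fcca2c4ad3b3f67179006d2a974a605ced2483894", "type": "file"}
''')

STAT_KEYS = ("confirmed-timeout", "failure", "harmless", "malicious",
             "suspicious", "timeout", "type-unsupported", "undetected")


def aggregate(stats):
    """(malicious, total) as the report's 'Aggregate Result' line counts them.
    Every category is part of the denominator, so 50 / 74 here, not 50 / 69."""
    malicious = int(stats.get("malicious", 0))
    total = sum(int(stats.get(k, 0)) for k in STAT_KEYS)
    return malicious, total


def stats_from_results(results):
    """Recount categories from the per-engine block (cross-check of last_analysis_stats)."""
    return dict(Counter(r["category"] for r in results.values()))


def detections_matching(results, needle):
    """Sorted engine names whose detection name contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return sorted(name for name, r in results.items()
                  if needle in (r.get("result") or "").lower())


def entry_section(pe_info):
    """Name of the section whose virtual range covers the entry point, or None."""
    ep = int(pe_info["entry_point"])
    for s in pe_info.get("sections", []):
        va, size = int(s["virtual_address"]), int(s["virtual_size"])
        if va <= ep < va + size:
            return s["name"]
    return None


def suspicious_sections(pe_info, entropy_threshold=7.5):
    """Sections that are writable+executable or near-random (packed/encrypted payload)."""
    flagged = []
    for s in pe_info.get("sections", []):
        reasons = []
        flags = s.get("flags", "")
        if "w" in flags and "x" in flags:
            reasons.append("rwx")
        if float(s.get("entropy", 0)) >= entropy_threshold:
            reasons.append("entropy %.2f" % float(s["entropy"]))
        if reasons:
            flagged.append({"name": s["name"], "reasons": reasons})
    return flagged


def triage(file_obj):
    """One-screen summary of the indicators worth carrying into a report."""
    a = file_obj["attributes"]
    malicious, total = aggregate(a["last_analysis_stats"])
    return {
        "sha256": a["sha256"],
        "md5": a["md5"],
        "imphash": a["pe_info"]["imphash"],   # shared by both samples in this report: a pivot
        "verdict": "malicious - %d / %d" % (malicious, total),
        "cobalt_strike_engines": detections_matching(a["last_analysis_results"], "cobalt"),
        "entry_section": entry_section(a["pe_info"]),
        "suspicious_sections": suspicious_sections(a["pe_info"]),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Run against the second file object on this page the same code reports "malicious - 57 / 75", an entry point inside the rwx section .ohkx, and the same imphash 829da329ce140d873b4a8bde2cbfaa7e, which is the quickest evidence that both files are builds of the same loader.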
Incoming (1)
0 cobaltstrike_shellcode.exe cd16cb61dc5eac8e5c00a6ce22a1958fa9ba4da668c3b9578cad45a0ef7ca332

cobaltstrike_shellcode.exe
peexe
Win32 EXE
MD5: af24df5f0367ac3e83a967a2970de141
SHA-1: e37e92c1524b60d4b161eaec1b5422c8be322ef7
SHA-256: cd16cb61dc5eac8e5c00a6ce22a1958fa9ba4da668c3b9578cad45a0ef7ca332
vhash: 0250875d151c0d1d1d1e7az1a1c=z
authentihash: 5a0344341d8b4536451d84d9a195900bf571a00be470f109549e78584a0ca268
ssdeep: 3072:yTWwiA9ZTJJMWb7BatGcStJGF5RAs7sq7x1C1QLu3uB8ZNfpOefUOT5sEsIwA:yh/p/tlzRRp7x1MQLu39fppPiESwA
magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
size: 225792
tags: checks-network-adapters, peexe, runtime-modules, long-sleeps, direct-cpu-clock-access
null
creation date: 2018-03-22T20:35:00Z
first submission: 2021-04-10T09:42:12Z
last submission: 2021-04-10T09:42:12Z
last modification: 2021-04-12T19:16:46Z
reputation 0, votes harmless 0 / malicious 0
VTfile
{"attributes": {
  "creation_date": "1521750900",
  "first_submission_date": "1618047732",
  "last_analysis_date": "1618247417",
  "last_analysis_results": {
    "Bkav": {"category": "malicious", "engine_name": "Bkav", "engine_update": "20210412", "engine_version": "1.3.0.9899", "method": "blacklist", "result": "W32.AIDetect.malware1"},
    "Elastic": {"category": "malicious", "engine_name": "Elastic", "engine_update": "20210407", "engine_version": "4.0.19", "method": "blacklist", "result": "malicious (high confidence)"},
    "MicroWorld-eScan": {"category": "malicious", "engine_name": "MicroWorld-eScan", "engine_update": "20210412", "engine_version": "14.0.409.0", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "FireEye": {"category": "malicious", "engine_name": "FireEye", "engine_update": "20210412", "engine_version": "32.44.1.0", "method": "blacklist", "result": "Generic.mg.af24df5f0367ac3e"},
    "CAT-QuickHeal": {"category": "malicious", "engine_name": "CAT-QuickHeal", "engine_update": "20210412", "engine_version": "14.00", "method": "blacklist", "result": "Trojan.CobaltStrk.S19453618"},
    "McAfee": {"category": "malicious", "engine_name": "McAfee", "engine_update": "20210412", "engine_version": "6.0.6.653", "method": "blacklist", "result": "GenericRXLP-MH!AF24DF5F0367"},
    "Cylance": {"category": "malicious", "engine_name": "Cylance", "engine_update": "20210412", "engine_version": "2.3.1.101", "method": "blacklist", "result": "Unsafe"},
    "Zillya": {"category": "failure", "engine_name": "Zillya", "engine_update": "20210412", "engine_version": "2.0.0.4338", "method": "blacklist"},
    "SUPERAntiSpyware": {"category": "undetected", "engine_name": "SUPERAntiSpyware", "engine_update": "20210409", "engine_version": "5.6.0.1032", "method": "blacklist"},
    "Sangfor": {"category": "malicious", "engine_name": "Sangfor", "engine_update": "20210402", "engine_version": "2.9.0.0", "method": "blacklist", "result": "Trojan.Win32.Save.a"},
    "K7AntiVirus": {"category": "malicious", "engine_name": "K7AntiVirus", "engine_update": "20210412", "engine_version": "11.176.36903", "method": "blacklist", "result": "Trojan ( 00520fd01 )"},
    "Alibaba": {"category": "malicious", "engine_name": "Alibaba", "engine_update": "20190527", "engine_version": "0.3.0.5", "method": "blacklist", "result": "Trojan:Win32/Rozena.65c8435a"},
    "K7GW": {"category": "malicious", "engine_name": "K7GW", "engine_update": "20210412", "engine_version": "11.176.36904", "method": "blacklist", "result": "Trojan ( 00520fd01 )"},
    "Cybereason": {"category": "malicious", "engine_name": "Cybereason", "engine_update": "20210330", "engine_version": "1.2.449", "method": "blacklist", "result": "malicious.f0367a"},
    "Baidu": {"category": "undetected", "engine_name": "Baidu", "engine_update": "20190318", "engine_version": "1.0.0.2", "method": "blacklist"},
    "Cyren": {"category": "malicious", "engine_name": "Cyren", "engine_update": "20210412", "engine_version": "6.3.0.2", "method": "blacklist", "result": "W32/Rozena.AD.gen!Eldorado"},
    "SymantecMobileInsight": {"category": "type-unsupported", "engine_name": "SymantecMobileInsight", "engine_update": "20210126", "engine_version": "2.0", "method": "blacklist"},
    "Symantec": {"category": "malicious", "engine_name": "Symantec", "engine_update": "20210412", "engine_version": "1.14.0.0", "method": "blacklist", "result": "Backdoor.Rozena"},
    "ESET-NOD32": {"category": "malicious", "engine_name": "ESET-NOD32", "engine_update": "20210412", "engine_version": "23119", "method": "blacklist", "result": "a variant of Win32/Rozena.WZ"},
    "APEX": {"category": "malicious", "engine_name": "APEX", "engine_update": "20210404", "engine_version": "6.151", "method": "blacklist", "result": "Malicious"},
    "Avast": {"category": "malicious", "engine_name": "Avast", "engine_update": "20210412", "engine_version": "21.1.5827.0", "method": "blacklist", "result": "Win32:HacktoolX-gen [Trj]"},
    "ClamAV": {"category": "undetected", "engine_name": "ClamAV", "engine_update": "20210412", "engine_version": "0.103.2.0", "method": "blacklist"},
    "Kaspersky": {"category": "malicious", "engine_name": "Kaspersky", "engine_update": "20210412", "engine_version": "21.0.1.45", "method": "blacklist", "result": "HEUR:Trojan.Win32.Cometer.gen"},
    "BitDefender": {"category": "malicious", "engine_name": "BitDefender", "engine_update": "20210412", "engine_version": "7.2", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "NANO-Antivirus": {"category": "malicious", "engine_name": "NANO-Antivirus", "engine_update": "20210412", "engine_version": "1.0.146.25279", "method": "blacklist", "result": "Virus.Win32.Gen-Crypt.ccnc"},
    "Paloalto": {"category": "malicious", "engine_name": "Paloalto", "engine_update": "20210412", "engine_version": "1.0", "method": "blacklist", "result": "generic.ml"},
    "ViRobot": {"category": "undetected", "engine_name": "ViRobot", "engine_update": "20210412", "engine_version": "2014.3.20.0", "method": "blacklist"},
    "Tencent": {"category": "malicious", "engine_name": "Tencent", "engine_update": "20210412", "engine_version": "1.0.0.1", "method": "blacklist", "result": "Win32.Trojan.Cobaltstrike.Lnxs"},
    "Ad-Aware": {"category": "malicious", "engine_name": "Ad-Aware", "engine_update": "20210412", "engine_version": "3.0.16.117", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "Trustlook": {"category": "type-unsupported", "engine_name": "Trustlook", "engine_update": "20210412", "engine_version": "1.0", "method": "blacklist"},
    "TACHYON": {"category": "malicious", "engine_name": "TACHYON", "engine_update": "20210412", "engine_version": "2021-04-12.02", "method": "blacklist", "result": "Trojan/W32.CobaltStrike.225792"},
    "Sophos": {"category": "malicious", "engine_name": "Sophos", "engine_update": "20210412", "engine_version": "1.0.2.0", "method": "blacklist", "result": "ML/PE-A + ATK/Cobalt-AH"},
    "Comodo": {"category": "malicious", "engine_name": "Comodo", "engine_update": "20210412", "engine_version": "33432", "method": "blacklist", "result": "TrojWare.Win32.Kryptik.BYGK@59ple7"},
    "F-Secure": {"category": "undetected", "engine_name": "F-Secure", "engine_update": "20210331", "engine_version": "12.0.86.52", "method": "blacklist"},
    "DrWeb": {"category": "malicious", "engine_name": "DrWeb", "engine_update": "20210412", "engine_version": "7.0.49.9080", "method": "blacklist", "result": "Trojan.Siggen6.51060"},
    "VIPRE": {"category": "undetected", "engine_name": "VIPRE", "engine_update": "20210412", "engine_version": "91778", "method": "blacklist"},
    "TrendMicro": {"category": "malicious", "engine_name": "TrendMicro", "engine_update": "20210330", "engine_version": "11.0.0.1006", "method": "blacklist", "result": "Backdoor.Win32.COBEACON.SMC"},
    "McAfee-GW-Edition": {"category": "malicious", "engine_name": "McAfee-GW-Edition", "engine_update": "20210412", "engine_version": "v2019.1.2+3728", "method": "blacklist", "result": "BehavesLike.Win32.Generic.dc"},
    "Trapmine": {"category": "type-unsupported", "engine_name": "Trapmine", "engine_update": "20200727", "engine_version": "3.5.0.1023", "method": "blacklist"},
    "CMC": {"category": "undetected", "engine_name": "CMC", "engine_update": "20210327", "engine_version": "2.10.2019.1", "method": "blacklist"},
    "Emsisoft": {"category": "malicious", "engine_name": "Emsisoft", "engine_update": "20210412", "engine_version": "2018.12.0.1641", "method": "blacklist", "result": "Trojan.Agent.DDSN (B)"},
    "Ikarus": {"category": "malicious", "engine_name": "Ikarus", "engine_update": "20210412", "engine_version": "0.1.5.2", "method": "blacklist", "result": "Trojan.Win32.Swrort"},
    "GData": {"category": "malicious", "engine_name": "GData", "engine_update": "20210412", "engine_version": "A:25.29300B:27.22631", "method": "blacklist", "result": "Win32.Trojan.Mexec.B"},
    "Jiangmin": {"category": "malicious", "engine_name": "Jiangmin", "engine_update": "20210411", "engine_version": "16.0.100", "method": "blacklist", "result": "Trojan.Cometer.ayd"},
    "Webroot": {"category": "undetected", "engine_name": "Webroot", "engine_update": "20210412", "engine_version": "1.0.0.403", "method": "blacklist"},
    "Avira": {"category": "malicious", "engine_name": "Avira", "engine_update": "20210412", "engine_version": "8.3.3.12", "method": "blacklist", "result": "TR/Crypt.XPACK.Gen"},
    "Antiy-AVL": {"category": "undetected", "engine_name": "Antiy-AVL", "engine_update": "20210412", "engine_version": "3.0.0.1", "method": "blacklist"},
    "Kingsoft": {"category": "undetected", "engine_name": "Kingsoft", "engine_update": "20210412", "engine_version": "2017.9.26.565", "method": "blacklist"},
    "Gridinsoft": {"category": "malicious", "engine_name": "Gridinsoft", "engine_update": "20210412", "engine_version": "1.0.37.128", "method": "blacklist", "result": "Trojan.Win32.Agent.vb!s1"},
    "Arcabit": {"category": "malicious", "engine_name": "Arcabit", "engine_update": "20210412", "engine_version": "1.0.0.881", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "AegisLab": {"category": "malicious", "engine_name": "AegisLab", "engine_update": "20210412", "engine_version": "4.2", "method": "blacklist", "result": "Trojan.Win32.Generic.lZpe"},
    "ZoneAlarm": {"category": "malicious", "engine_name": "ZoneAlarm", "engine_update": "20210412", "engine_version": "1.0", "method": "blacklist", "result": "HEUR:Trojan.Win32.CobaltStrike.gen"},
    "Avast-Mobile": {"category": "type-unsupported", "engine_name": "Avast-Mobile", "engine_update": "20210412", "engine_version": "210412-00", "method": "blacklist"},
    "Microsoft": {"category": "malicious", "engine_name": "Microsoft", "engine_update": "20210412", "engine_version": "1.1.18000.5", "method": "blacklist", "result": "HackTool:Win32/CobaltStrike.A"},
    "Cynet": {"category": "malicious", "engine_name": "Cynet", "engine_update": "20210412", "engine_version": "4.0.0.27", "method": "blacklist", "result": "Malicious (score: 100)"},
    "BitDefenderFalx": {"category": "type-unsupported", "engine_name": "BitDefenderFalx", "engine_update": "20200916", "engine_version": "2.0.936", "method": "blacklist"},
    "AhnLab-V3": {"category": "malicious", "engine_name": "AhnLab-V3", "engine_update": "20210412", "engine_version": "3.19.7.10132", "method": "blacklist", "result": "Trojan/Win32.CobaltStrike.C4183270"},
    "Acronis": {"category": "undetected", "engine_name": "Acronis", "engine_update": "20210211", "engine_version": "1.1.1.81", "method": "blacklist"},
    "BitDefenderTheta": {"category": "malicious", "engine_name": "BitDefenderTheta", "engine_update": "20210402", "engine_version": "7.2.37796.0", "method": "blacklist", "result": "AI:Packer.D08A66501E"},
    "ALYac": {"category": "malicious", "engine_name": "ALYac", "engine_update": "20210412", "engine_version": "1.1.3.1", "method": "blacklist", "result": "Trojan.Agent.DDSN"},
    "MAX": {"category": "malicious", "engine_name": "MAX", "engine_update": "20210412", "engine_version": "2019.9.16.1", "method": "blacklist", "result": "malware (ai score=82)"},
    "VBA32": {"category": "malicious", "engine_name": "VBA32", "engine_update": "20210412", "engine_version": "5.0.0", "method": "blacklist", "result": "Trojan.CobaltStrike"},
    "Malwarebytes": {"category": "malicious", "engine_name": "Malwarebytes", "engine_update": "20210410", "engine_version": "4.2.1.18", "method": "blacklist", "result": "Generic.Trojan.Malicious.DDS"},
    "Zoner": {"category": "malicious", "engine_name": "Zoner", "engine_update": "20210411", "engine_version": "0.0.0.0", "method": "blacklist", "result": "Trojan.Win32.69381"},
    "TrendMicro-HouseCall": {"category": "malicious", "engine_name": "TrendMicro-HouseCall", "engine_update": "20210412", "engine_version": "10.0.0.1040", "method": "blacklist", "result": "Backdoor.Win32.COBEACON.SMC"},
    "Rising": {"category": "malicious", "engine_name": "Rising", "engine_update": "20210412", "engine_version": "25.0.0.26", "method": "blacklist", "result": "Trojan.Swrort!1.BABO (CLASSIC)"},
    "Yandex": {"category": "malicious", "engine_name": "Yandex", "engine_update": "20210409", "engine_version": "5.5.2.24", "method": "blacklist", "result": "Trojan.GenAsa!zvVdoDjE9iw"},
    "SentinelOne": {"category": "malicious", "engine_name": "SentinelOne", "engine_update": "20210215", "engine_version": "5.0.0.20", "method": "blacklist", "result": "Static AI - Malicious PE"},
    "eGambit": {"category": "undetected", "engine_name": "eGambit", "engine_update": "20210412", "method": "blacklist"},
    "Fortinet": {"category": "malicious", "engine_name": "Fortinet", "engine_update": "20210412", "engine_version": "6.2.142.0", "method": "blacklist", "result": "W32/Rozena.WZ!tr"},
    "MaxSecure": {"category": "malicious", "engine_name": "MaxSecure", "engine_update": "20210412", "engine_version": "1.0.0.1", "method": "blacklist", "result": "Trojan.Malware.[illegible in source]"},
    "AVG": {"category": "malicious", "engine_name": "AVG", "engine_update": "20210412", "engine_version": "21.1.5827.0", "method": "blacklist", "result": "Win32:HacktoolX-gen [Trj]"},
    "Panda": {"category": "malicious", "engine_name": "Panda", "engine_update": "20210412", "engine_version": "4.6.4.2", "method": "blacklist", "result": "Generic Suspicious"},
    "CrowdStrike": {"category": "malicious", "engine_name": "CrowdStrike", "engine_update": "20210203", "engine_version": "1.0", "method": "blacklist", "result": "win/malicious_confidence_100% (W)"},
    "Qihoo-360": {"category": "malicious", "engine_name": "Qihoo-360", "engine_update": "20210412", "engine_version": "1.0.0.1120", "method": "blacklist", "result": "Win32/HackTool.CobaltStrike.HxMBfWwA"}
  },
  "last_analysis_stats": {"confirmed-timeout": 0, "failure": 1, "harmless": 0, "malicious": 57, "suspicious": 0, "timeout": 0, "type-unsupported": 5, "undetected": 12},
  "last_modification_date": "1618255006",
  "last_submission_date": "1618047732",
  "md5": "af24df5f0367ac3e83a967a2970de141",
  "meaningful_name": "cobaltstrike_shellcode.exe",
  "names": ["cobaltstrike_shellcode.exe"],
  "reputation": "0",
  "sha1": "e37e92c1524b60d4b161eaec1b5422c8be322ef7",
  "sha256": "cd16cb61dc5eac8e5c00a6ce22a1958fa9ba4da668c3b9578cad45a0ef7ca332",
  "size": "225792",
  "tags": ["checks-network-adapters", "peexe", "runtime-modules", "long-sleeps", "direct-cpu-clock-access"],
  "times_submitted": "1",
  "total_votes": {"harmless": "0", "malicious": "0"},
  "type_description": "Win32 EXE",
  "type_tag": "peexe",
  "unique_sources": "1",
  "vhash": "0250875d151c0d1d1d1e7az1a1c=z",
  "authentihash": "5a0344341d8b4536451d84d9a195900bf571a00be470f109549e78584a0ca268",
  "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
  "pe_info": {
    "entry_point": "36864",
    "imphash": "829da329ce140d873b4a8bde2cbfaa7e",
    "import_list": [
      {"library_name": "KERNEL32.dll", "imported_functions": ["GetLastError", "EnterCriticalSection", "LoadLibraryW", "FreeLibrary", "QueryPerformanceCounter", "GetTickCount", "VirtualProtect", "LoadLibraryA", "DeleteCriticalSection", "GetCurrentProcess", "GetCurrentProcessId", "UnhandledExceptionFilter", "GetProcAddress", "CreateThread", "GetModuleHandleA", "SetUnhandledExceptionFilter", "GetStartupInfoA", "GetSystemTimeAsFileTime", "TerminateProcess", "InitializeCriticalSection", "VirtualQuery", "TlsGetValue", "Sleep", "GetCurrentThreadId", "VirtualAlloc", "LeaveCriticalSection"]},
      {"library_name": "msvcrt.dll", "imported_functions": ["strncmp", "__lconv_init", "malloc", "__dllonexit", "_cexit", "abort", "fprintf", "_fmode", "_amsg_exit", "fwrite", "_lock", "_onexit", "__initenv", "exit", "__setusermatherr", "_acmdln", "_unlock", "free", "vfprintf", "__getmainargs", "calloc", "strlen", "_winmajor", "memcpy", "signal", "_initterm", "__set_app_type", "_iob"]}
    ],
    "machine_type": "332",
    "sections": [
      {"chi2": 89507.74, "entropy": 5.83, "flags": "rx", "md5": "0bc7c2f2db333e5778e909890d9e8894", "name": ".text", "raw_size": "7168", "virtual_address": "4096", "virtual_size": "6852"},
      {"chi2": 188014.75, "entropy": 2.56, "flags": "rw", "md5": "9d60a3432aa5f4951049c77a5dc197bb", "name": ".data", "raw_size": "2048", "virtual_address": "12288", "virtual_size": "1572"},
      {"chi2": 37294.0, "entropy": 4.23, "flags": "r", "md5": "77eb2142360efdb76ccae3251d953fba", "name": ".rdata", "raw_size": "1024", "virtual_address": "16384", "virtual_size": "720"},
      {"chi2": -1.0, "entropy": 0.0, "flags": "rw", "md5": "d41d8cd98f00b204e9800998ecf8427e", "name": ".bss", "raw_size": "0", "virtual_address": "20480", "virtual_size": "1052"},
      {"chi2": 110717.25, "entropy": 4.13, "flags": "rw", "md5": "80c3c07d82d85e3933b69809573c72d5", "name": ".idata", "raw_size": "2048", "virtual_address": "24576", "virtual_size": "1584"},
      {"chi2": 123016.0, "entropy": 0.27, "flags": "rw", "md5": "0c2ac70a2303ea6ede115718b8aca665", "name": ".CRT", "raw_size": "512", "virtual_address": "28672", "virtual_size": "52"},
      {"chi2": 124501.0, "entropy": 0.22, "flags": "rw", "md5": "fbb2f655a2d41a7ed1460a18df87b605", "name": ".tls", "raw_size": "512", "virtual_address": "32768", "virtual_size": "32"},
      {"chi2": 10809.16, "entropy": 7.97, "flags": "rwx", "md5": "2ee46e2e3929850267bc42073c968cd9", "name": ".ohkx", "raw_size": "211456", "virtual_address": "36864", "virtual_size": "211216"}
    ],
    "timestamp": "1521750900"
  },
  "ssdeep": "3072:yTWwiA9ZTJJMWb7BatGcStJGF5RAs7sq7x1C1QLu3uB8ZNfpOefUOT5sEsIwA:yh/p/tlzRRp7x1MQLu39fppPiESwA",
  "trid": [
    {"file_type": "Win32 Executable MS Visual C++ (generic)", "probability": 38.7},
    {"file_type": "Microsoft Visual C++ compiled executable (generic)", "probability": 20.5},
    {"file_type": "Win64 Executable (generic)", "probability": 13.0},
    {"file_type": "Win32 Dynamic Link Library (generic)", "probability": 8.1},
    {"file_type": "Win16 NE executable (generic)", "probability": 6.2}
  ]
},
"id": "cd16cb61dc5eac8e5c00a6ce22a1958fa9ba4da668c3b9578cad45a0ef7ca332",
"links": {"self": "https://www.virustotal.com/api/v3/files/cd16cb61dc5eac8e5c00a6ce22a1958fa9ba4da668c3b9578cad45a0ef7ca332"},
"type": "file"}

View on VirusTotal GUI Url:
Win32 EXE


checks-network-adapters, peexe, runtime-modules, long-sleeps, direct-cpu-clock-access
TrID - file type identification tool

File Type                                           Probability %
Win32 Executable MS Visual C++ (generic)            38.7
Microsoft Visual C++ compiled executable (generic)  20.5
Win64 Executable (generic)                          13.0
Win32 Dynamic Link Library (generic)                8.1
Win16 NE executable (generic)                       6.2
Vhash
Authentihash 


SSDEEP 


Magic 
File Size 
Tags 


Capability Tags 
Downloadable 
Creation Date 

First Submission Date 
Last Submission Date 
Total Votes - Harmless
Total Votes - Malicious 
Submissions 
0
cobaltstrike_shellcode.exe 


8b1cdfb26d6f128b147da61decdbc3e9e6416c65b8c70ec0a6d028cb7b2454be


cobaltstrike_shellcode.exe 

PEEXE 

Win32 EXE 
b3a769c37807222fb88a0770b797e6a0 
7ae32ec8a5c3be157e04b415d4ed2ec90b88dcda


8b1cdfb26d6f128b147da61decdbc3e9e6416c65b8c70ec0a6d028cb7b2454be


0250875d151c0d1d1d1e7az1aic=z 


bdf61691cae2c79dd6da2e14f61f11856294bf77a9b6efd1a251ae4d5f549ee9


3072:1VnAAORrUVHsXjkHjkKNLG4fo+xXOPhqFYjsbzPJSC/hZ2ilYLZFVzA3urd4Ut3NgP:1VhIHSwQNFo+xYqrbLJ/AmAUP


PE32 executable for MS Windows (GUI) Intel 80386 32-bit 
224256 


peexe, direct-cpu-clock-access, checks-network-adapters, runtime-modules


null 
2018-03-22T20:35Z
2021-04-14T10:22:28Z
2021-04-14T10:22:28Z
2021-04-15T11:28:04Z 


- Oo Oo 


Vifile 


0
launcher.exe 
" "direct- -cpu- -clock-access' ',"long-sleeps","runtime- 
modules", "malware"],"times_submitted":"1","total_votes":{"harmles 
SuOue "malicious": nO}: "type_ _description”: "Win32 
EXE" ,"type_tag":"peexe","unique_sources":"1","vhash":"01505665 
5d15156078z527237z1bz1 7z","authentihash": "#52da43b90e60001 
c46e965dd82a57 1cbb1335208222118245a 1a325e32b1 cd", "magic 
":"PE32 executable for MS Windows (GUI) Intel 80386 32- 
bit","pe_info":{"entry_point":"47963","imphash":"4d6634768ec87e8 
f2e6ce3c9ec9a57fa","import_list":[{"imported_functions": ["SHGetF 
olderPathW'"]," ‘library_name": "SHELL32.dll"},{"imported_functions" 
:["CryptDestroyKey","CryptReleaseContext","CryptAcquireContext 
W","CryptVerifySignatureW","CryptHashData","CryptDestroyHash" 
."CryptCreateHash''], "library_name":"ADVAPI32.dll"},{"imported_fu 
nctions" ‘["GetLastError", “intfalizeCriticalSectionAndSpinCount’ "H 
eapFree","GetStdHandle","EnterCriticalSection","LCMapStringW'", 
"GetModuleFileNameW","GetConsoleCP","GetVersionExW","SetE 
vent" ,"QueryPerformanceCounter","|sDebuggerPresent","HeapAll 
oc","TlsAlloc","GetEnvironmentStringsW","FlushFileBuffers","Wait 
ForSingleObject","RtlUnwind","FreeLibrary","DeleteCriticalSection" 


ForSingleObject","RtlUnwind","FreeLibrary","DeleteCriticalSection" 
,"GetCurrentProcess","UnlockFile","GetStartupInfoW","GetConsol 
eMode","GetStringTypeW","GetFileSize","SetLastError","Unhandl 
edExceptionFilter","GetCommandLineW","IsValidCodePage","Get 
CPInfo","ExitProcess","LoadLibraryExW","MultiByteToWideChar"," 
HeapSize","SetFilePointerEx","FreeEnvironmentStringsW","Creat 
eDirectoryW","DeleteFileW","GetProcAddress","EncodePointer"," 
GetProcessHeap","GetTempFileNameW","SetStdHandle","RaiseE 
xception","LockFileEx","WideCharToMultiByte","RemoveDirectory 
W","TlsFree","GetModuleHandleA","GetSystemTimeAsFileTime"," 
ReadFile","FormatMessageA","SetUnhandledExceptionFilter","Get 
TempPathW","CloseHandle","|sProcessorFeaturePresent","GetAC 
P","HeapReAlloc","DecodePointer","GetModuleHandleW","LoadLi 
braryExA","GetOEMCP","LocalFree","TerminateProcess","LoadLi 
braryW","CreateEventW","GetModuleHandleExW","InitializeCritica 
ISection","OutputDebugStringW","WriteFile","CreateFileW","Creat 
eProcessW","TlsGetValue","Sleep","GetFileType","TlsSetValue"," 
GetTickCount","GetCurrentThreadld","GetCurrentProcessld","Writ 
eConsoleW","LeaveCriticalSection"],"library_name":"KERNEL32.d 
II"},{"imported_functions":["ntohl"],"library_name":"WS2_32.dll"},{"i 
mported_functions":[' '‘StringFromCLSID", "CoTaskMemFree","CoCr 
eateGuid"],"library_name":"ole32.dll"}],"machine_type":"332","over 
lay":{"chi2":90183.5625,"entropy":6.7043132781 98242,"filetype":" 
Data" ,"md5":"4e441 a8696a3e85e5da69fc6fc27e1 ed","offset":"165 
888","size":"8896"},"resource_details":[{"chi2":59998.77734375,"e 
ntropy":3.37980580329895, filetype":"Data","lang":"RUSSIAN","sh 
a256":"1 36aff7 15341 fafl d04dec77al1f1c47d44850072ef726a4 107 
1c091e3119b274c","type":"RT_VERSION"},{"chi2":4031.47216796 
875,"entropy":4.911615371704102,"filetype":"application/xml","lan 
Gps "ENGLISH 
US","sha256":"4bb79dcea0a901 f7d9eac5aa05728ae92ach42e0c 
b22e5dd14134f4421 a3d8df","type":"RT_MANIFEST"}],"resource_| 
ee {"RUSSIAN":"1","ENGLISH 

US":"1"},"resource types" :{"RT_MANIFEST":"1","RT_VERSION":" 
1"},"sections"[{"chi2":571164.5,"entropy":6.64 “flags” alXarumC ong 
fda32756ed524c7729f1c1 6d395c480", "name":".text", "raw size":"1 
07520","virtual_address":"4096","virtual_size":"1 07121 "\{"chi2":19 
25616.38,"entropy":4.72,"flags":"r","md5":"7 10826a325f1 ea2ecb2 
6f7264788f21f","name": : data", "raw _size":"39424" "virtual_addres 
s":"114688", "virtual | size":"39320"},{"chi2":542799.63,"entropy":4.3 
“flags” "rw", "mds": "2a08b13851 4c227d9f4bi2472ccel451" "name" 
:".data","raw_size":"8192","virtual_address":"155648", "virtual | size" 
aA 64"}, {"chi2":108590. 49," ‘entropy":3.68,"flags":"r" ,"md5":"d19e 
2a8a1d4126d7079dbc3104238251","name":".rsrc", "raw size":"15 
36","virtual_address":"176128", "virtual | size":" '{280"}, {"chi2":44870 
.31,"entropy":6.38,"flags":"r","md5":"d0cd7971 1e3560d8cc65937c 
d939c414", "name":".reloc", "raw size":"8192","virtual_address":"18 
0224", "virtual_size":"7684"}],"timestamp":"1522679118"},"signatur 
el info" {"copyright":"Copyright 2015","counter signers":"Symantec 
Time Stamping Services Signer - GA: Symantec Time Stamping 
Services CA - G2; Thawte Timestamping CA","counter signers 
details":[{"algorithm":"sha1RSA","cert issuer":"Symantec Time 
Stamping Services CA - G2","name":"Symantec Time Stamping 
Services Signer - G4","serial number":"OE CF F4 38 C8 FE BF 35 
6E 04 D8 6A 98 1B 1A 50","status":"This certificate or one of the 
certificates in the certificate chain is not time 
valid.","thumbprint":"65439929B67973EB192D6FF243E6767ADF 
0834E4","valid from":"12:00 AM 10/18/2012","valid to":"11:59 PM 
12/29/2020","valid usage":"Timestamp 
Signing"},{"algorithm":"sha1 RSA","cert issuer":"Thawte 
Timestamping CA","name":"Symantec Time Stamping Services 
CA - G2","serial number":"7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 
D4 06 FC 3B","status":"This certificate or one of the certificates in 
the certificate chain is not time 
valid.","thumbprint":"6C07453F FDDA08B83707C09B82FB3D15F3 
5336B1","valid from":"12:00 AM 12/21/2012","valid to":"11:59 PM 
12/30/2020","valid usage":"Timestamp 
Signing"},{"algorithm":"md5RSA", "cert issuer": Thawte 
Timestamping CA","name":"Thawte Timestamping CA","serial 
number":"00","status":"This certificate or one of the certificates in 
the certificate chain is not time 
valid.","thumbprint":"BE36A4562F B2EE05DBB3D32323ADF4450 
84ED656","valid from":"12:00 AM 01/01/1997","valid to":"11:59 
PM 12/31/2020","valid usage":"Timestamp 
Signing"}],"description":"Mail.Ru Launcher", "file 
version":"3.15.0.75","internal name":"launcher", “original 
name":"launcher.exe","product":"Mail.Ru Launcher", "signers":"LLC 
Mail.Ru; thawte SHA256 Code Signing CA; thawte","signers 
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Mail.Ru; thawte SHA256 Code Signing CA; thawte","signers 
details":[{"algorithm":"sha256RSA","cert issuer":"thawte SHA256 
Code Signing CA","name":"LLC Mail.Ru","serial number":"4A 1D 
F2 BD 12 34 C8 64 3B OD 49 88 D4 11 92 42",""status":"This 
certificate or one of the certificates in the certificate chain is not 
time 
valid.","thumbprint":"898F6304517D05CFOOB903BB82CDAD1C3 
5675D4D","valid from":"12:00 AM 07/19/2017","valid to":"11:59 
PM 10/18/2019","valid usage":"Code 
Signing"},{"algorithm":"sha256RSA", "cert issuer":"thawte Primary 
Root CA","name":"thawte SHA256 Code Signing CA","serial 
number":"71 AO B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 
CB","status":"Valid","thumbprint":"DOOCFDBF46C98A838BC10DC 
4E097AE0152C461 BC", "valid from":"12:00 AM 12/10/2013","valid 
to":"11:59 PM 12/09/2023", "valid usage":"Client Auth, Code 
Signing"},{"algorithm":"shat RSA","cert issuer":"thawte Primary 
Root CA","name":"thawte","serial number":"34 4E D5 57 20 D5 ED 
EC 49 F4 2F CE 37 DB 2B 

6D","status":"Valid","thumbprint":"91 C6ED6EESE8AC86384E548C2 
99295C756C817B81","valid from":"12:00 AM 11/17/2006","valid 
to":"11:59 PM 07/16/2036","valid usage":"Client Auth, Code 
Signing, Email Protection, Server Auth"}],"signing date":"02:25 PM 
04/02/2018", '"verified":"Signed","x509":[{"algorithm":"sha256RSA", 
"cert issuer":"thawte SHA256 Code Signing CA","name":"LLC 
Mail.Ru","serial number":"4A 1D F2 BD 12 34 C8 64 3B OD 49 88 
D4 11 92 

42" "thumbprint":"898F630451 7DO05CFOOB903BB82CDAD1 C3567 
5D4D", "valid from":"201 7-07-19 00:00:00","valid to":"2019-10-18 
23:59:59","valid_usage":"Code 
Signing"},{"algorithm":"sha256RSA","cert issuer":"thawte Primary 
Root CA","name":"thawte SHA256 Code Signing CA","serial 
number":"71 AO B7 36 95 DD B1 AF C2 3B 2B 9A 18 EE 54 
CB","thumbprint":"DOOCFDBF46C98A838BC10DC4E097AE0152 
C461BC", "valid from":"2013-12-10 00:00:00","valid to":"2023-12- 
09 23:59: 59", "valid_usage":"Client Auth, Code 

Signing"}. i ‘algorithm": "sha1RSA","cert issuer":"thawte Primary 
Root CA","name":"thawte Primary Root CA","serial number":"34 
4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 
6D","thumbprint":"91 C6EDBEESE8AC86384E548C299295C756C8 
17B81","valid from":"2006-11-17 00:00:00","valid to":"2036-07-16 
23:59:59"} {"algorithm":"sha1RSA","cert issuer":"Symantec Time 
Stamping Services CA - G2","name":"Symantec Time Stamping 
Services Signer - G4","serial number":"OE CF F4 38 C8 FE BF 35 
6E 04 D8 6A 98 1B 1A 

50","thumbprint":"65439929B67973EB 192D6FF243E6767ADF083 
4E4","valid from":"2012-10-18 00:00:00","valid to":"2020-12-29 
23:59:59","valid_usage":"ff"},{"algorithm":"sha1 RSA","cert 
issuer":"Thawte Timestamping CA","name":"Symantec Time 
Stamping Services CA - G2","serial number":"7E 93 EB FB 7C C6 
4E 59 EA 4B 9A 77 D4 06 FC 
3B","thumbprint":"6CO7453FFDDA08B83707C09B82FB3D15F353 
36B1","valid from":"2012-12-21 00:00:00","valid to":"2020-12-30 
23:59:59","valid_usage":"Timestamp 
Signing"}]},"ssdeep":"3072:+5ERKdsNSE8jWi+FnGevgjFA+WzmL 
pJhJ4RpS:+wB8qonGeoFAOlyp", "trid":[{"file_type":"Win32 
Executable MS Visual C++ 
(generic)","probability":48.8},{"file_type":"Win64 Executable 
(generic)","probability":16.4},{"file_type":"Win32 Dynamic Link 
Library (generic)","probability":10.2},{"file_type":"Win16 NE 
executable (generic)","probability":7.8},{"file_type":"Win32 
Executable 
(generic)","probability":7.0}]},"id":"aba56831029c8f89b3aaf697959 
c01bfcf546969ff79c6ee848e275b8421 4393", "links":{"self":"https:// 
www.virustotal.com/api/v3/files/aba56831 029c8f89b3aaf697959c0 
1bfcf546969ff79c6ee848e275b8421 4393"},"type":"file"} 
File Summary

Names                  amigo_bundle.exe, launcher, launcher.exe
File Type              peexe
File Type Description  Win32 EXE
Tags                   peexe, signed, overlay, direct-cpu-clock-access, long-sleeps, runtime-modules, malware
Times Submitted        1

TrID - file type identification tool
File Type                                  Probability %
Win32 Executable MS Visual C++ (generic)   48.8
Win64 Executable (generic)                 16.4
Win32 Dynamic Link Library (generic)       10.2
Win16 NE executable (generic)              7.8
Win32 Executable (generic)                 7.0

VirusTotal Analysis Summary
Aggregate Result malicious - 45 / 75

VirusTotal Analysis Stats
Analysis Type      Number of Analysis
Confirmed Timeout  0
Failure            0
Harmless           0
Malicious          45
Suspicious         0
Timeout            0
Type Unsupported   5
Undetected         25
Total              75

Community Votes
Total votes cast: 0

Incoming (1)
IPv4 Address 1.198.5.220



Weight                   0
MeaningfulName           kgfdfjdk.exe
File Id                  4ff241b82b67e56611ac7a768ddb0613af9f6d55afa4034246a5a3ed4a3f157e
Names                    kgfdfjdk.exe
File Type                PEEXE
File Type Description    Win32 EXE
MD5                      aa70b2977062f2191f04a989f7e0ddb5
SHA-1                    be82661775ad95a5ad2fe8c17cc313b1355526f3
SHA-256                  4ff241b82b67e56611ac7a768ddb0613af9f6d55afa4034246a5a3ed4a3f157e
Vhash                    0140365515czfhz13z11z8bz
Authentihash             e510c185f8b57661d54fa36e4beffc564e956052db5396147003e8af24fa3ca6
SSDEEP                   192:aP/w4lTeGsqq/uia0KYilkW21gZOEeyKsK:aXnITefqMux0K6k/Ink
Magic                    PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File Size                10940
Tags                     peexe, overlay, direct-cpu-clock-access, checks-network-adapters, runtime-modules
Capability Tags
Downloadable             null
Creation Date            2013-09-09T15:33:47Z
First Submission Date    2021-04-14T10:12:15Z
Last Submission Date     2021-04-14T10:12:15Z
Last Analysis Date       2021-04-15T16:42:02Z
Total Votes - Harmless   0
Total Votes - Malicious  0
Submissions              1
Reputation               0

VTfile

{"attributes":{"creation_date":"1378740827","first_submission_date":"1618395135","last_analysis_date":"1618395135",
"last_analysis_results":{
"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20210413","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetect.malware1"},
"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20210414","engine_version":"4.0.20","method":"blacklist","result":"malicious (high confidence)"},
"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20210414","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoad3.28507"},
"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20210414","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.Ppatre.Gen.1"},
"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20210414","engine_version":"32.44.1.0","method":"blacklist","result":"Generic.mg.aa70b2977062f219"},
"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20210414","engine_version":"14.00","method":"blacklist","result":"Trojan.Mauvaise.SL1"},
"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20210414","engine_version":"6.0.6.653","method":"blacklist","result":"Upatre-FACV!AA70B2977062"},
"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20210414","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},
"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20210414","engine_version":"2.0.0.4340","method":"blacklist"},
"SUPERAntiSpyware":{"category":"malicious","engine_name":"SUPERAntiSpyware","engine_update":"20210409","engine_version":"5.6.0.1032","method":"blacklist","result":"Trojan.Agent/Gen-Downloader"},
"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20210402","engine_version":"2.9.0.0","method":"blacklist","result":"Win.Malware.Upatre-6877602-0"},
"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20210414","engine_version":"11.176.36921","method":"blacklist","result":"Trojan-Downloader ( 0050fef41 )"},
"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist"},
"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20210414","engine_version":"11.176.36921","method":"blacklist","result":"Trojan-Downloader ( 0050fef41 )"},
"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20210330","engine_version":"1.2.449","method":"blacklist","result":"malicious.77062f"},
"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20210402","engine_version":"7.2.37796.0","method":"blacklist","result":"Gen:NN.ZexaF.34670.amX@aSSRkhj"},
"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20210414","engine_version":"6.3.0.2","method":"blacklist","result":"W32/S-79ee1585!Eldorado"},
"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20210126","engine_version":"2.0","method":"blacklist"},
"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20210414","engine_version":"1.14.0.0","method":"blacklist","result":"ML.Attribute.HighConfidence"},
"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20210414","engine_version":"23130","method":"blacklist","result":"a variant of Win32/TrojanDownloader.Small.PRL"},
"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20210413","engine_version":"6.152","method":"blacklist","result":"Malicious"},
"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20210414","engine_version":"21.1.5827.0","method":"blacklist","result":"Win32:Trojan-gen"},
"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20210413","engine_version":"0.103.2.0","method":"blacklist","result":"Win.Malware.Upatre-6877602-0"},
"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20210414","engine_version":"21.0.1.45","method":"blacklist","result":"HEUR:Trojan.Win32.Generic"},
"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20210414","engine_version":"7.2","method":"blacklist","result":"Trojan.Ppatre.Gen.1"},
"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20210414","engine_version":"1.0.146.25279","method":"blacklist","result":"Trojan.Win32.DownLoad3.fnpzlc"},
"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20210414","engine_version":"1.0","method":"blacklist"},
"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20210414","engine_version":"2014.3.20.0","method":"blacklist"},
"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20210414","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0ce5d"},
"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20210414","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.Ppatre.Gen.1"},
"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20210414","engine_version":"1.0","method":"blacklist"},
"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20210414","engine_version":"2021-04-14.02","method":"blacklist"},
"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20210414","engine_version":"1.0.2.0","method":"blacklist","result":"ML/PE-A + Troj/Upatre-XO"},
"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20210414","engine_version":"33437","method":"blacklist","result":"TrojWare.Win32.TrojanDownloader.Small.CDC@8mzstr"},
"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20210331","engine_version":"12.0.86.52","method":"blacklist"},
"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan-Downloader.Waski.k"},
"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20210414","engine_version":"91820","method":"blacklist","result":"Trojan-Downloader.Win32.Upatre.a (v)"},
"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20210330","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_UPATRE.SM37"},
"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20210414","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Upatre.lz"},
"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist"},
"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20210327","engine_version":"2.10.2019.1","method":"blacklist"},
"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20210414","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Ppatre.Gen.1 (B)"},
"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20210414","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Downloader.Win32.Upatre"},
"GData":{"category":"malicious","engine_name":"GData","engine_update":"20210414","engine_version":"A:25.29316B:27.22653","method":"blacklist","result":"Win32.Trojan-Downloader.Upatre.BJ"},
"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20210413","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.dbkqp"},
"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20210414","engine_version":"1.0.0.403","method":"blacklist"},
"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20210414","engine_version":"8.3.3.12","method":"blacklist","result":"TR/Crypt.XPACK.Gen"},
"eGambit":{"category":"confirmed-timeout","engine_name":"eGambit","engine_update":"20210414","method":"blacklist"},
"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20210412","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Downloader]/Win32.Upatre"},
"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20210414","engine_version":"2017.9.26.565","method":"blacklist"},
"Gridinsoft":{"category":"undetected","engine_name":"Gridinsoft","engine_update":"20210414","engine_version":"1.0.37.128","method":"blacklist"},
"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20210414","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Ppatre.Gen.1"},
"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20210414","engine_version":"4.2","method":"blacklist"},
"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20210414","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Win32.Generic"},
"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20210414","engine_version":"210414-00","method":"blacklist"},
"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20210414","engine_version":"1.1.18000.5","method":"blacklist","result":"TrojanDownloader:Win32/Upatre.A"},
"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20210412","engine_version":"4.0.0.27","method":"blacklist","result":"Malicious (score: 100)"},
"BitDefenderFalx":{"category":"type-unsupported","engine_name":"BitDefenderFalx","engine_update":"20200916","engine_version":"2.0.936","method":"blacklist"},
"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20210414","engine_version":"3.19.7.10132","method":"blacklist"},
"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20210211","engine_version":"1.1.1.81","method":"blacklist","result":"suspicious"},
"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20210414","engine_version":"5.0.0","method":"blacklist","result":"BScope.Trojan.Downloader"},
"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20210414","engine_version":"1.1.3.1","method":"blacklist","result":"Trojan.Ppatre.Gen.1"},
"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20210414","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score\u003d86)"},
"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20210413","engine_version":"4.2.1.18","method":"blacklist","result":"Trojan.Downloader"},
"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20210413","engine_version":"0.0.0.0","method":"blacklist"},
"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20210414","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_UPATRE.SM37"},
"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20210414","engine_version":"25.0.0.26","method":"blacklist","result":"Dropper.Generic!8.35E (TFE:dGZIOgOO4sg9wk5g5g)"},
"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20210413","engine_version":"5.5.2.24","method":"blacklist","result":"Trojan.GenAsa!xjw/xZS1BKE"},
"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20210215","engine_version":"5.0.0.20","method":"blacklist","result":"Static AI - Malicious PE"},
"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20210414","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Upatre.Gen"},
"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20210414","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Tiny.NIV!tr"},
"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20210414","engine_version":"21.1.5827.0","method":"blacklist","result":"Win32:Trojan-gen"},
"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20210413","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},
"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20210203","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},
"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20210414","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM20.1.942D.Malware.Gen"}},
"last_analysis_stats":{"confirmed-timeout":1,"failure":0,"harmless":0,"malicious":56,"suspicious":0,"timeout":0,"type-unsupported":5,"undetected":13},
"last_modification_date":"1618504922","last_submission_date":"1618395135",
"md5":"aa70b2977062f2191f04a989f7e0ddb5","meaningful_name":"kgfdfjdk.exe","names":["kgfdfjdk.exe"],"reputation":"0",
"sha1":"be82661775ad95a5ad2fe8c17cc313b1355526f3",
"sha256":"4ff241b82b67e56611ac7a768ddb0613af9f6d55afa4034246a5a3ed4a3f157e",
"size":"10940","tags":["peexe","overlay","direct-cpu-clock-access","checks-network-adapters","runtime-modules"],"times_submitted":"1","total_votes":{"harmless":"0","malicious":"0"},"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":"1",
"vhash":"0140365515czfhz13z11z8bz",
"authentihash":"e510c185f8b57661d54fa36e4beffc564e956052db5396147003e8af24fa3ca6",
"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
"pe_info":{"entry_point":"4096","imphash":"d0b8285184365a838ba34f4f2ef57766",
"import_list":[
{"imported_functions":["ShellExecuteW"],"library_name":"SHELL32.dll"},
{"imported_functions":["HeapAlloc","CreateFileW","GetCurrentDirectoryW","HeapCreate","GetFileSize","GetModuleFileNameW","WriteFile","ReadFile","GetModuleHandleW","GetTempPathW","ExitProcess","CloseHandle","DeleteFileW","lstrcmpW","lstrlenW"],"library_name":"KERNEL32.dll"},
{"imported_functions":["HttpQueryInfoW","InternetQueryOptionW","InternetConnectW","InternetReadFile","InternetSetOptionW","HttpSendRequestW","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},
{"imported_functions":["wsprintfW"],"library_name":"USER32.dll"}],
"machine_type":"332",
"overlay":{"chi2":478346.75,"entropy":3.400552749633789,"filetype":"ASCII text","md5":"73374c667925266d74e6f4a66a304696","offset":"4096","size":"6844"},
"sections":[
{"chi2":13724.0,"entropy":5.47,"flags":"rx","md5":"4153dc7b1c6f0abe2ded2cdaee46fe09","name":".text","raw_size":"1024","virtual_address":"4096","virtual_size":"939"},
{"chi2":122724.36,"entropy":3.6,"flags":"r","md5":"7bbb8b03671b3621be2ee44083007ea2","name":".rdata","raw_size":"1536","virtual_address":"8192","virtual_size":"1036"},
{"chi2":130560.0,"entropy":0.0,"flags":"r","md5":"bf619eac0cdf3f68d496ea9344137e8b","name":".reloc","raw_size":"512","virtual_address":"12288","virtual_size":"156"}],
"timestamp":"1378740827"},
"ssdeep":"192:aP/w4lTeGsqq/uia0KYilkW21gZOEeyKsK:aXnITefqMux0K6k/Ink",
"trid":[{"file_type":"Win32 Dynamic Link Library (generic)","probability":29.6},{"file_type":"Win16 NE executable (generic)","probability":22.7},{"file_type":"Win32 Executable (generic)","probability":20.3},{"file_type":"OS/2 Executable (generic)","probability":9.1},{"file_type":"Generic Win/DOS Executable","probability":9.0}]},
"id":"4ff241b82b67e56611ac7a768ddb0613af9f6d55afa4034246a5a3ed4a3f157e",
"links":{"self":"https://www.virustotal.com/api/v3/files/4ff241b82b67e56611ac7a768ddb0613af9f6d55afa4034246a5a3ed4a3f157e"},"type":"file"}

View on VirusTotal
GUI Url:


https://www.virustotal.com/gui/file/4ff241b82b67e56611ac7a768ddb0613af9f6d55afa4034246a5a3ed
File Summary

Names                  kgfdfjdk.exe
File Type              peexe
File Type Description  Win32 EXE
Tags                   peexe, overlay, direct-cpu-clock-access, checks-network-adapters, runtime-modules
Times Submitted        1

TrID - file type identification tool
File Type                              Probability %
Win32 Dynamic Link Library (generic)   29.6
Win16 NE executable (generic)          22.7
Win32 Executable (generic)             20.3
OS/2 Executable (generic)              9.1
Generic Win/DOS Executable             9.0

VirusTotal Analysis Summary
Aggregate Result malicious - 56 / 75

VirusTotal Analysis Stats
Analysis Type      Number of Analysis
Confirmed Timeout  1
Failure            0
Harmless           0
Malicious          56
Suspicious         0
Timeout            0
Type Unsupported   5
Undetected         13
Total              75

Community Votes
Total votes cast: 0

Incoming (1)
IPv4 Address 1.198.5.220
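The two VirusTotal file objects on this page (launcher.exe and kgfdfjdk.exe) are raw API v3 responses, and the File Summary tables are derived from them. The script below is an added example, not part of this Maltego report and not VirusTotal's or Maltego's own code: it recomputes the "Aggregate Result" line from last_analysis_stats, pulls a consensus family token out of the per-engine verdicts, lists the imports that give a sample its own network capability, converts the epoch-string dates to the ISO form the tables use, and, for signature_info, separates "signed while the leaf certificate was valid" from "chain still validates today". LAUNCHER and KGFDFJDK are constructed, abbreviated stand-ins that copy a handful of fields from the two records above in the API's own shape; NETWORK_LIBS, GENERIC and the function names are this example's choices.

```python
"""Triage helpers for VirusTotal API v3 file objects (added example).

LAUNCHER and KGFDFJDK are constructed, abbreviated stand-ins for the two
file objects on this page, keeping the API's field names and shapes.
"""
import re
from collections import Counter
from datetime import datetime, timezone

LAUNCHER = {
    "last_analysis_stats": {"confirmed-timeout": 0, "failure": 0, "harmless": 0,
                            "malicious": 45, "suspicious": 0, "timeout": 0,
                            "type-unsupported": 5, "undetected": 25},
    "last_analysis_results": {
        "Ikarus": {"category": "malicious", "result": "PUA.MailRu"},
        "AhnLab-V3": {"category": "malicious", "result": "PUP/Win32.MailRu.R232581"},
        "Fortinet": {"category": "malicious", "result": "W32/MailRu.M!tr"},
        "Panda": {"category": "undetected"},
    },
    "pe_info": {"imphash": "4d6634768ec87e8f2e6ce3c9ec9a57fa", "import_list": [
        {"library_name": "WS2_32.dll", "imported_functions": ["ntohl"]},
        {"library_name": "ADVAPI32.dll", "imported_functions": ["CryptVerifySignatureW"]}]},
    "signature_info": {
        "verified": "Signed", "signing date": "02:25 PM 04/02/2018",
        "signers details": [
            {"name": "LLC Mail.Ru", "valid from": "12:00 AM 07/19/2017",
             "valid to": "11:59 PM 10/18/2019", "status": "This certificate or one of "
             "the certificates in the certificate chain is not time valid."},
            {"name": "thawte SHA256 Code Signing CA", "valid from": "12:00 AM 12/10/2013",
             "valid to": "11:59 PM 12/09/2023", "status": "Valid"}]},
}

KGFDFJDK = {
    "last_analysis_stats": {"confirmed-timeout": 1, "failure": 0, "harmless": 0,
                            "malicious": 56, "suspicious": 0, "timeout": 0,
                            "type-unsupported": 5, "undetected": 13},
    "last_analysis_results": {
        "ClamAV": {"category": "malicious", "result": "Win.Malware.Upatre-6877602-0"},
        "TrendMicro": {"category": "malicious", "result": "TROJ_UPATRE.SM37"},
        "Ikarus": {"category": "malicious", "result": "Trojan-Downloader.Win32.Upatre"},
        "BitDefender": {"category": "malicious", "result": "Trojan.Ppatre.Gen.1"},
        "Kaspersky": {"category": "malicious", "result": "HEUR:Trojan.Win32.Generic"},
        "eGambit": {"category": "confirmed-timeout"},
    },
    "pe_info": {"imphash": "d0b8285184365a838ba34f4f2ef57766", "import_list": [
        {"library_name": "SHELL32.dll", "imported_functions": ["ShellExecuteW"]},
        {"library_name": "WININET.dll", "imported_functions": [
            "HttpQueryInfoW", "InternetQueryOptionW", "InternetConnectW", "InternetReadFile",
            "InternetSetOptionW", "HttpSendRequestW", "InternetOpenW", "HttpOpenRequestW"]}]},
}

# Libraries whose presence means the sample can reach the network on its own
# (this example's own list, not a VirusTotal field).
NETWORK_LIBS = {"wininet.dll", "winhttp.dll", "ws2_32.dll", "urlmon.dll"}
VT_TIME = "%I:%M %p %m/%d/%Y"          # date format used inside signature_info
GENERIC = {"trojan", "win32", "generic", "malware", "downloader", "heur", "variant"}


def aggregate(obj):
    """The report's 'Aggregate Result' line, e.g. 'malicious - 56 / 75'."""
    stats = obj["last_analysis_stats"]
    verdict = ("malicious" if stats["malicious"] else
               "suspicious" if stats["suspicious"] else "undetected")
    return f"{verdict} - {stats['malicious']} / {sum(stats.values())}"


def family_hints(obj, top=3):
    """Most frequent non-generic token across engine verdicts: the consensus
    family name, if one exists (each engine counted once per token)."""
    counter = Counter()
    for verdict in obj["last_analysis_results"].values():
        for tok in set(re.findall(r"[a-z]{4,}", verdict.get("result", "").lower())):
            if tok not in GENERIC:
                counter[tok] += 1
    return counter.most_common(top)


def network_imports(obj):
    """Imports from NETWORK_LIBS, keyed by library, functions sorted."""
    found = {}
    for entry in obj.get("pe_info", {}).get("import_list", []):
        if entry["library_name"].lower() in NETWORK_LIBS:
            found[entry["library_name"]] = sorted(entry["imported_functions"])
    return found


def signer_check(obj, as_of):
    """Separate 'signed while the leaf cert was valid' from 'chain valid at
    as_of' (ISO date string): 'not time valid' on an old, timestamped
    signature is usually expiry, not a forged or broken signature."""
    info = obj.get("signature_info")
    if not info or info.get("verified") != "Signed":
        return {"signed": False}
    signed_at = datetime.strptime(info["signing date"], VT_TIME)
    leaf = info["signers details"][0]
    nb = datetime.strptime(leaf["valid from"], VT_TIME)
    na = datetime.strptime(leaf["valid to"], VT_TIME)
    now = datetime.fromisoformat(as_of)
    return {"signed": True, "leaf": leaf["name"],
            "signed_within_validity": nb <= signed_at <= na,
            "valid_as_of": nb <= now <= na and leaf["status"] == "Valid",
            "expired_as_of": now > na}


def epoch_to_iso(value):
    """VT gives epoch seconds as strings; the summary tables show ISO 8601 UTC."""
    return datetime.fromtimestamp(int(value), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


if __name__ == "__main__":
    for name, obj in (("launcher.exe", LAUNCHER), ("kgfdfjdk.exe", KGFDFJDK)):
        print(name, aggregate(obj), family_hints(obj, 1), network_imports(obj))
    print(signer_check(LAUNCHER, "2021-04-10"), epoch_to_iso("1618395135"))
```

Run as a script it prints the same "malicious - 45 / 75" and "malicious - 56 / 75" lines the tables show, "mailru" and "upatre" as the consensus tokens, the WININET import set that makes the 10 KB kgfdfjdk.exe a self-contained downloader, and, for launcher.exe, a signature made inside its certificate's validity window whose chain has since expired. The family token is the cheap pivot: a verdict string such as Trojan.Ppatre.Gen.1 is a vendor-specific spelling, so counting tokens per engine rather than trusting any one name is what surfaces the shared family.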

IPv4 Address
maltego.IPv4Address
23.236.62.147

Weight              0
IP Address          23.236.62.147
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2014-12-05T00:00Z
Resolver            VirusTotal

Incoming (1)
Domain coldpacific.com


IPv4 Address
maltego.IPv4Address
198.54.126.85

Weight              0
IP Address          198.54.126.85
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2020-12-21T01:04:21Z
Resolver            VirusTotal

Incoming (1)
Domain codebiogblog.com


IPv4 Address
maltego.IPv4Address
23.106.122.88

Weight              0
IP Address          23.106.122.88
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2021-01-23T07:44:45Z
Resolver            VirusTotal

Incoming (1)
Domain coldpacific.com


IPv4 Address
maltego.IPv4Address
62.149.128.151

Weight              0
IP Address          62.149.128.151
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2019-12-11T00:02:59Z
Resolver            VirusTotal

Incoming (1)
Domain fabioluciani.com


IPv4 Address
maltego.IPv4Address
212 lee 7

Weight              0
IP Address          212 lee 7
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2020-12-21T07:25:50Z
Resolver            VirusTotal

Incoming (1)
Domain hireproplus.com


IPv4 Address
maltego.IPv4Address
45.147.230.201

Weight              0
IP Address          45.147.230.201
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2021-01-23T07:37:51Z
Resolver            VirusTotal

Incoming (1)
Domain mediterraneanroom.org


IPv4 Address
maltego.IPv4Address
94.227.98.220

Weight              0
IP Address          54.227.98.220
Internal            false
owner
Before
After
Include Media Type
Exclude Media Type
Date Resolved       2021-04-08T03:11:29Z
Resolver            VirusTotal

Incoming (1)
Domain bestwing.org


